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Virtual  Private  Networks  (VPNs) 
promise  to  build  and  extend  your 
corporate  network  by  leveraging  the 
global  reach  of  the  Internet.  In  fact, 
according  to  the  1998  NetworkWorld 
500  study,  58%  of  network  managers 
are  seriously  considering  deploying  a 
VPN  in  the  next  12  months. Vendors 
are  rushing  to  incorporate  this  tech¬ 
nology  into  products  ranging  from 
routers  to  firewalls  to  remote  access 
servers.  In  addition  to  VPN  products 
from  networking  vendors,  many 
carriers,  ISPs,  and  value-added  network 
providers  will  offer  fully  managed  VPN 
services.  Users  wonder  what’s  involved 
in  deploying  and  managing  VPNs,  and 
how  VPNs  will  integrate  with  current 
network  operations. 


November  10 
November  1 1 
December  I 
December  2 


Washington,  DC 
Atlanta,  GA 
New  York,  NY 
Boston,  MA 


PROGRAM  OVERVIEW 


VPN  '98  will  help  you  determine  the 
benefits  and  risks  ofVPNs  by  exploring 
all  aspects  of  this  technology  and  how 
it  stacks  up  against  more  private  alter¬ 
natives  such  as  frame  relay  and  leased 
line  solutions.This  seminar,  taught  by 
Andrew  Hacker,  a  VPN  expert  with 
The  Tolly  Group,  will  address  every¬ 
thing  from  VPN  fundamentals  and 
security  issues,  to  class  of  service 
and  performance. 

Get  the  hard  facts  you  need  to 
embrace  VPN  technology,  identify  how 
product  and  service  offerings  meet 
your  needs,  and  make  VPNs  work  for 
you.  Register  today  to  attend  VPN  '98. 


98 
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the  Extended  Enterprise 


Presented  by 

Andrew  Hacker 
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BENEFITS  OF  ATTENDING 


Understand  the  various  architectural 


Understand  appropriate  applications 


approaches  to  Virtual  Private  Networks  for  VPN 


Learn  how  VPNs  implement  secure 
protocols  and  encryption  standards 
such  as  the  lETF’s  emerging  IP  Security 
(IPSec),  Data  Encryption  Standard 
(DES), Triple  DES,  and  Layer  2  Tunneling 
Protocol  (L2TP) 

Compare  and  contrast  VPN 
performance  with  what  you’ve  come 
to  expect  from  existing  private 
networks 

Ensure  that  VPN  products  offer 
support  for  your  network  platforms 
and  protocols 


Discover  how  VPNs  can  provide 
guaranteed  service  levels 

Explore  the  issues  of  implementing 
and  managing  VPN  technology  and  its 
impact  on  your  IS  budget 

Learn  the  benefits  and  tradeoffs  of 
VPNs  versus  alternatives  such  as  frame 
relay  and  leased  lines 

Understand  the  role  of  ISPs,  carriers, 
and  value-added  network  providers 

Speak  with  VPN  vendor  representatives 
to  address  your  specific  needs 
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Check  out  leading  vendors  in  the 

VPN  ’98  Showcase 


TURN  TO  INSIDE  BACK 


Seminar  Outline 


INTRODUCTION 

Keeping  up  with  an  emerging  technology  can  be  difficult.  VPN  func¬ 
tionality  is  being  offered  by  a  large  number  of  companies  in  a  wide 
range  of  products.  This  section  describes  VPN  basics  and  the  VPN 
market  today  including  what  kind  of  companies  and  products  offer 
which  VPN  services. 

■  What  Is  a  VPN? 

■  Why  Use  VPNs? 

>-  Driving  Factors 

>•  Business  and  Network  Evolution 

■  What  Are  the  Elements  of  a  VPN? 

►  Overview  of  VPN  Product  Types 
>•  Underlying  Network  Infrastructure 

■  Comparing  VPNs  and  Alternatives 

>-  Frame  Relay 
>-  Leased  Line 

►  ATM 

VPN  CONCEPTS 
AND  DESIGN 

There  is  a  wide  range  of  VPN  implementations  available  today. 
Learn  the  various  VPN  architectures  and  compare  the  secure  pro¬ 
tocols  that  make  VPNs  possible. 

VPIM  Architectures 

■  Where  Can  You  Find  VPN  Products 
and  Services? 

►  Firewalls 
>-  Routers 

>•  Remote  Access  Servers 
>-  Standalone  Servers 
>•  Third-party  VPN  Services 

■  Who  Provides  VPN  Network  Infrastructure? 

►  ISPs 

>-  Carriers 

►  Access  Point  Technologies 
>-  VANs 

>•  Private  Networks 

■  VPNs  for  Users 

►  Dial-in  Users 

>•  Peer  Communications 

►  Intranet  VPNs 


■  VPNs  for  Networks 

►  Connecting  Enterprise  Private  Networks 
>-  Remote  Branch  Office  LANs 
>■  Access  for  Corporate  Partners 

Comparing  VPN  Protocols 

■  Layer  2  Tunneling  Protocol 

■  Secure  IP 

>-  Point-Point  Tunneling  Protocol 
>-  Layer  2  Forwarding 
>■  Secure  Sockets  Layer 

■  What  LAN  Protocols  Are  Supported? 

■  What  Platforms  Can  Run  VPNs? 

INTEGRATING  VPNs  INTO 
YOUR  PRIVATE  NETWORK 

VPNs  offer  new  dimensions  to  your  network's  accessibility,  but  at 
what  price?  This  section  addresses  various  aspects  of  VPNs  and 
how  they  compare  with  what  you've  come  to  expect  from  your  pri¬ 
vate  network. 

■  Appropriate  Business  Applications 

■  VPN  vs.  Private  Network  Performance 

■  Providing  Quality  of  Service 

>-  Service  Levels 
>■  Bandwidth  Management 

■  Interoperability 

■  Manageability 

>-  Administration 
>-  Accounting 
>-  Troubleshooting 


Security  is  the  cornerstone  of  the  VPN  technology.  Explore  the  risks 
involved  in  putting  your  company's  data  on  a  public  network  and  the 
various  components  involved  in  providing  VPN  security. 

■  Authentication/Access  Control 

►  End-station  vs.  User  Authentication 
>•  CHAP  and  PAP  Tunnel  Authentication 

►  TACACS  and  RADIUS 


■  Encryption 

>•  Encryption  Standards 

►  Certificate  and  Key  Technology 
>■  Network  Address  Translation 

■  Management 

>•  Logging/Auditing 

>■  Access  Control  Administration 

►  Key  Management 


EVALUATING  VPN  PRODUCTS 
AND  SERVICES 

If  you're  going  to  implement  VPNs  for  your  company,  you  need 
to  know  the  right  questions  to  ask  vendors  when  evaluating 
various  VPN  implementation  options.  This  section  outlines 
some  key  areas  to  investigate. 

■  In-house  vs.  Third-party  Implementation 

►  Service  Guarantees 
>-  Customer  Premise  Equipment 

■  What  Aspects  of  VPNs  Should  Be  Tailored  to  Your  Specific 
Network  Needs? 

■  What  Ease-of-Use  Features  Should 
You  Expect? 

■  Future  Proofing:  Scaling  and  Upgrading 

■  Reliability 

■  Performance 

>-  Hardware-Based  Acceleration 

■  Price 


YOUR  $450  REGISTRATION 
FEE  ALSO  INCLUDES  . . . 


■  Comprehensive  Seminar  Workbook 

■  Exclusive  Network  WorldM PN  Resource  CD-ROM 

■  Continental  breakfast,  luncheon,  and  break  refreshments 

■  Opportunity  to  visit  with  leading  VPN  vendors 

Note:  If  you  can't  attend,  call  us  and  order  the  informative  and  useful 
attendee  materials  kit  for  just  $99! 


SECURITY 


to  register:  call  (800)643-4668  or  visit  us  on  the  web  www.nwfusion.com/seminars 


ABOUT  THE  SEMINAR  PRESENTER  . . . 

Andrew  Hacker  is  a  Senior  Engineer/Analyst  at  The  Tolly  Group.  He  provides 
strategic  consulting  and  industry  analysis  to  leading  end-user  organizations  and 
government  agencies  in  their  assessment  and  implementation  of  high-end  com¬ 
puter  and  communications  systems.  His  areas  of  expertise  include  ATM,  Gigabit 
Ethernet,  and  Virtual  Private  Networks.  He  has  played  a  vital  role  in  The  Tolly 
Group's  development  of  sophisticated  test  methodologies  for  evaluating  the 
industry's  leading-edge  technology  products. 

Mr.  Hacker's  recent  speaking  schedule  includes  ComNet,  GigNet,  and  the  Gigabit 
Ethernet  Conference.  He  has  authored  numerous  feature  stories  in  the  industry's 
leading  trade  publications  including  Network  World,  Data  Communications,  LAN 
Times,  Internet  Week,  and  Business  Communications  Review. 


ENTERTOWIN 
A  FREE  ELECTRONIC 
POCKET  ORGANIZER 
ATTHE  SEMINAR 


VPN  ’98  SEMINAR  DATES  &  LOCATIONS 

□  September  23 

Chicago,  IL 

Hyatt  Regency  O'Hare 

□  September  24 

Dallas,  TX 

Infomart 

□  October  13 

Los  Angeles,  CA 

LA  Marriott  Downtown 

□  October  14 

San  Francisco,  CA 

Sheraton  Palace 

□  November  10 

Washington,  DC 

Sheraton  Crystal  City 

□  November  11 

Atlanta,  GA 

Crowne  Plaza  Ravinia 

□  December  1 

New  York,  NY 

Grand  Hyatt  New  York 

□  December  2 

Boston,  MA 

Sheraton  Needham 

•  Register  2  people  and  save 
$50  on  each  registration. 

•  Register  3  or  more  people 
and  save  $100  on  each 
registration. 

•  And  every  4th  person 
registered  attends  FREE! 


Up  to  $100  off  each 
registration. 

Every  4th  person 
attends  FREE! 

TEAM  DISCOUNTS 
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Page  16. 


SPOTLIGHT  ON  TOKEN  RING 


Cisco  tosses  hat  in 
gigabit  token  ring 

By  Marc  Songini  and  Jim  Duffy 

Washington,  D.C. 

Cisco  Systems  last  week  opened  the  performance  spigot 
for  bandwidth-thirsty  token-ring  users  by  demonstrating 
gigabit  token-ring  products. 

At  the  Share  and  Guide  Technical  Conference  here, 
Cisco  showed  off  a  video  application  made  possible  by  run¬ 
ning  token-ring  frames  at  1G  bit/sec  using  Gigabit  Ethernet 
switching  and  uplink  modules  in  several  of  the  company’s 

See  Cisco,  page  52 


Testing  LAN  options 

By  Robin  Schreier  Hohman 

Dallas 

Nelson  Chui  was  ready  to 
chuck  his  token-ring  net  in 
favor  of  a  less  expensive 
Ethernet  environment  —  but 
1  High-Speed  Token  Ring 
1  (HSTR)  products  from 
|  Olicom  helped  change  his 
mind. 

Chui,  information  systems  manager  at  the  UCLA  Office 
for  the  Protection  of  Research  Subjects,  estimates  it  would 
cost  around  $40,000  to  change  his  40-workstadon  token¬ 
ring  network  to  Fast  Ethernet.  Worse,  he  says,  it  would  mean 
rewiring  the  entire  office  and  pulling  the  network  down  for 

See  Olicom,  page  52 


Compaq’s  Ethernet  ambitions 


By  Tim  Greene 

Littleton,  Mass. 

The  so-far-undisputed 
champion  of  PC  servers  hopes 
to  win  belts  in  a  new  division: 
Ethernet  quality  of  service 
(QoS).  If  Compaq  makes  it  to 
the  top,  that  triumph  could 
help  the  company  realize  one 


of  its  ultimate  aspirations  —  to 
become  a  LAN  megapower. 

But  Compaq  is  not  just  aim¬ 
ing  high.  The  PC  and  server 
giant  will  also  expand  its  line 
of  low-end  workgroup  switches 
to  add  Gigabit  Ethernet  up¬ 
links,  according  to  B.J. 

See  Compaq,  page  51 


Cisco  router 
open  to  atta 


By  Jim  Duffy 

and  Denise  Pappalardo 

San  Jose,  Calif. 

A  bug  has  cropped  up  in 
Cisco  Systems’  router  software 
that  could  let  unscrupulous 
users  crash  the  boxes  —  a  situ¬ 
ation  that  has  the  company’s 
customers  scrambling  to  fix 
the  problem. 

The  bug,  which  was  found 
in  Cisco  IOS  software  Versions 
9.1  and  later,  makes  it  possible 
for  unauthenticated  users  to 


Cisco  routers  could  face  assault. 


gain  access  to  the  logon 
prompt  of  a  router.  From 
there  hackers  could  cause  the 
device  to  crash  and  reload, 
according  to  a  field  notice 


posted  on  Cisco’s  Web  site.  To 
date,  no  customers  have  noti¬ 
fied  the  company  of  malicious 
exploitation  of  this  flaw,  but 
there  have  been  sporadic 
reports  of  unexplained  crashes 
consistent  with  those  caused 
by  this  error,  Cisco  says. 

Indeed,  the  defect  was  ini¬ 
tially  identified  because  of 
such  a  report,  the  Cisco  notice 
says.  But  a  company  official 
says  the  bug  was  also  noticed 
See  Bug,  page  53 


The  remaking  of  IPSec 


By  Ellen  Messmer 

Chicago 

Call  it  IPSecond. 

That’s  what  IP  security 
experts  gathering  this  week  at 
an  Internet  Engineering  Task 
Force  meeting  are  dubbing 
their  work  on  the  IP  Security 
(IPSec)  draft  standard. 

The  reason:  So  many 
changes  are  being  proposed  to 


the  original  draft  —  such  as 
new  security  features  and  a 
secure  client  package  —  that  it 
will  make  early  IPSec-compli- 
ant  equipment  obsolete.  For 
users  betting  on  IPSec  as  the 
primary  means  of  authenticat¬ 
ing  and  encrypdng  IP  traffic, 
the  question  will  be  whether  to 
See  IPSec,  page  51 


Get  more 
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O  IPSec  and  IKE  draft  RFCs. 


O  A  look  at  another 
VPN-related 
protocol:  L2TP. 


.com 


ophisticated  authentication  methods  are  moving  from  the 
movies  to  the  mainstream,  giving  you  another  way  to  protect 
your  network  from  spying  eyes. 

We  tracked  down  and  tested  four  authentication  packages. The  National 
Registry’s  SAF/nt  earned  our  World  Class  Award  for  its  seamless  integration 
with  Windows  NT. 

Check  out  the  test  results  and  consult  the  Issues  and  Trends  story  to  learn 
the  pros  and  cons  of  biometric,  smart  card  and  token  authentication  schemes. 
Then  go  to  the  online  Buyer's  Guide  for  details  on  27  products. 

Coverage  begins  on  page  35. 
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You  want  an  OS  that’s  secure  and  manageable.  Your  users  want  an  OS  that’s  fast  and  reliable. 

Specify  Windows  NT  Workstation  on  your  new  PCs  and  everybody’s  happy. 


It’s  no  secret  that  we’ve  just  launched  a  great  new  operating 
system,  Windows®  98.  However,  Windows  98  is  optimized  for 
home  use.  In  most  cases,  Microsoft®  Windows  NT®  Workstation 
4.0  is  the  right  OS  for  your  new  business  PCs.  Here’s  why: 

Windows  NT  Workstation  is  designed  to  be  more  manageable. 

So  it’s  easy  to  configure  PCs  to  match  user  needs,  from 
dialed  up  to  locked  down.  And,  when  you  lock  it  down,  your 
administration  costs  drop. 

Windows  NT  Workstation  is  more  reliable,  because  it  allocates 
separate  memory  space  for  each  app.  So  if  one  app  goes  down, 
the  rest  stay  up.  Which  means  Bob  in  marketing  won’t  be  calling 
you  today  to  tell  you  he’s  done  it  again. 

Windows  NT  Workstation  gives  you  better  security  options. 

Your  data  stays  yours.  Your  users  get  access  to  what  they  need 
(and  only  what  they  need). 

Windows  NT  Workstation  is  26%*  faster  than  Windows  98 
(it’s  also  faster  than  Windows  95,  for  that  matter).  So  everybody, 
including  you,  gets  more  done. 

Windows  NT  Workstation  is  the  right  OS  for  all  of  your  business 
users.  So  when  you  buy  new  business  PCs,  be  sure  to  order 
them  with  Windows  NT  Workstation. 


Windows  NT® 

Workstation  4.0 


•Performance  testing  conducted  by  National  Software  Testing  Laboratories.  Inc.  (NSTL™)  in  June.  1998.  using  Winstone®  98  developed  by  Ziff-Davis  Benchmark  Operation  (ZDBOp™)  across 
a  variety  of  computers  with  32  and  64  megabytes  of  memory.  Tests  performed  independently  by  NSTL  without  independent  verification  by  Ziff-Davis.  Ziff-Davis  makes  no  representations  or 
warranties.  Winstone  is  a  registered  trademark  or  trademark  of  Ziff-Davis  Inc.  in  the  U.S.  and  other  countries. 


New  notebooks  come  loaded  with  Windows  NT  Workstation. 


More  happy  people. 


Today’s  notebooks  are  ready  for  Microsoft®  Windows  NT® 
Workstation  4.0.  In  fact,  many  have  it  preinstalled  and 
preconfigured. 

Compaq,  Dell,  HP,  IBM,  Micron,  NEC  and  Toshiba  make 
these  notebooks  with  great  power  management  and  PC-card 
swapping  features.  Furthermore,  they  make  a  wide  range  of 
Windows  NT  Workstation  notebooks.  So  you’re  likely  to  find 
one  that  meets  your  users’  needs,  and  your  budget. 

You  know  Windows  NT  Workstation  is  the  right  OS  for  business 
because  it’s  more  manageable,  more  reliable,  and  faster. 

And  now  you  know  that  Windows  NT  Workstation  will  run  as 
well  on  your  notebooks  as  on  your  desktops. 

The  result:  one  OS,  the  business  OS,  on  all  of  your  new  PCs. 


Windows  NT 

Workstation  4.0 


www.microsoft 


.com/windows/go/cfiOOSSNTW/ 


Microsoft 


Where  do  you  want  to  go  today? " 


Is  your  patchwork  security  system  keeping  you  up  at  night?  Sun™  network  security  software  solutions  offer 


rock-solid,  end-to-end  security  that  seamlessly  blankets  your  entire  enterprise  network.  So  you’ll  have  the 


confidence  to  take  full  advantage  of  doing  business  on  the  Internet.  What’s  more,  you’re  covered  by  Sun’s 


consulting,  education  and  support  services.  For  proven,  flexible  security  solutions,  visit  our  Web  site  at 


www.sun.com/security/  or  call  800-786-7638.  And  put  your  worries  to  bed.  THE  NETWORK  IS  THE  COMPUTER™ 


THE  BEST 

SECURITY  BLANKET  IS 
BLANKET  SECURITY. 


01997  Sun  Microsystems,  Inc  All  rights  reserved  Sun.  Sun  Microsystems.  SunSoft,  the  Sun  Logo  and  The  Network  Is  The  Computer  are  trademarks  of  Sun  Microsystems.  Inc.  in  the  United  Stales  and  other  countries 
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Directories.  What’s  the  deal  with 
Cisco  -  why  won’t  it  support  Novell 
Directory  Services?  Some  users  of 
Cisco  and  Novell  networks  are  pretty 
steamed.  Read  their  comments,  then 
add  your  own.  DocFinder:  8536 

Water  Cooler.  Danny  Partridge  does 
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DocFinder:  8534 
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hard-won  capital  budget  on  gear  from 
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Daily  news.  Get  a  daily  digest  of 
breaking  network  news  delivered  to 
your  mailbox.  Sign  up  for  our  free 
NetFlash  newsletter.  DocFinder:  8537 
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FOR  GIGABIT 

Corey  Van  Allen  drives  graphics 
house's  move  to  Gigabit 
Ethernet,  which  could  reach 
down  to  the  desktop.  Page  17. 
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online  info  referenced 
in  Network  World, 
enter  its  DocFinder 
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BUILDING  A  TEAM 

Check  out  our  tips  for 
assembling  a  happy,  success¬ 
ful  intranet  construction 


crew.  Page  41. 


A  shortage  of  high-capacity  ban- 
width  is  hurting  West  Virginia’s  edu 
cation  net.  Bell  Atlantic’s  Dennis 
Bone  has  a  solution.  Page  25. 
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AUTHENTICATION 


REVIEW  *  Different  approaches  to  authentication 
give  you  plenty  of  ways  to  prove  yourself  but 
The  National  Registry ’s  SAF/nt  tops  our  list 
thanks  to  tight  ties  with  NT.  Page  35. 

ISSUES  AND  TRENDS:  Token,  smart 

card  and  biometric  authentication 
schemes  are  gradually  making  their 
way  from  the  movies  to  the  main¬ 
stream.  Page  39. 
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News 


Bin  Gates:  Shrinking  violet? 

8!  Not  ones  to  shrink  from  the  media  spot¬ 
light  when  they  really  want  it,  Bill  Gates  and 
his  Microsoft  compatriots  last  week 
received  judicial  permission  to  run  and 
hide  from  the  “media  circus.”  An  appeals 
court  granted  Microsoft’s  request  to  stay  a 
ruling  in  the  government  antitrust  case 
against  the  company  that  would  have  made 
depositions  of  senior  company  executives 
open  to  the  press  and  public.  “The  balance 
of  harms  favors”  Microsoft,  the  court  said. 

1'he  U.S.  Department  of  Justice,  20  U.S. 
states  and  the  District  of  Columbia  have  accused  Microsoft  of 
illegally  using  its  dominance  in  the  PC  operadng  systems  mar¬ 
ket  to  control  other  software  markets,  particularly  the  Internet. 

Cisco  goes  shopping  again 

■  In  the  past  five  years,  Cisco  has  spent  about  $7  billion  to 
acquire  25  companies.  So  it  came  as  no  surprise  when  the 
router  giant  last  week  said  it  would  buy  American  Internet,  a 
privately  held  Bedford,  Mass.,  firm  that  makes  software  for  IP 
address  management  and  Internet  access.  Cisco  will  exchange 
$56  million  of  common  stock  for  all  outstanding  shares  and 
options  of  American  Internet.  Its  chief  executive,  Bob 
Brennan,  will  continue  in  his  current  position,  reporting  to 
the  head  of  Cisco’s  service  provider  line.  Cisco  expects  the 
acquisition  to  be  completed  by  early  October. 

SBC  heads  to  the  courtroom  again  . . . 

■  The  ink  was  barely  dry  on  a  recent  action  by  the  Federal 
Communications  Commission  attempting  to  deregulate 
regional  Bell  operating  companies’  data  services  when  SBC 
Communications  headed  to  its  favorite  court  to  complain. 
SBC  has  asked  the  U.S.  Court  of  Appeals  in  St.  Louis  to  review 
a  part  of  the  FCC’s  action  —  the  one  part  that’s  an  order 
rather  than  a  proposal  —  that  states  RBOCs  must  unbundle 
and  resell  digital  subscriber  line  and  other  services  to  com¬ 
petitors  unless  they  set  up  a  separate  data-services  subsidiary. 
SBC  protested  that  federal  law  requires  the  FCC  to  free  up 
RBOCs  from  the  requirements  on  broadband  services,  even 
without  a  separate  subsidiary. 

. . .  but  the  FCC  scores  a  rare  legal  victory 

■  Oddly,  on  another  matter,  the  same  court  last  week  didn’t 
treat  the  RBOCs  so  kindly,  though  it  didn’t  really  please  the 
long-distance  carriers,  either.  The  St.  Louis  court  ruled  that  the 
FCC  struck  the  right  balance  last  year  when  it  implemented  a 
new  system  under  which  RBOCs  must  reduce  their  per-minute 
access  charges  —  the  amount  long-distance  carriers  pay  to  have 
their  traffic  completed  —  every  year  on  a  gradual  basis.  The 
RBOCs  complain  the  cuts  were  too  deep,  while  the  long-dis¬ 
tance  carriers  say  they  were  too  skimpy.  The  court  also  upheld 
the  FCC’s  May  1997  decision  not  to  force  ISPs  to  pay  any  of  the 
Bell  access  charges. 

IP  fights  the  power 

■  Research  reports  are  kind  of  like  opinions:  Everyone  has  one 
and  all  of  them  are  different.  Still,  according  to  a  new  study 
from  Insight  Research,  demand  for  broadband  IP  sendees 
could  force  down  the  prices  of  high-speed  private  leased  lines. 
Telecommunications  carriers  offering  private  lines  such  as  T-l, 
T-3  and  DS-O  are  still  likely  to  see  revenue  growth  of  8.8% 
annually  through  2002  because  the  lower  prices  will  probably 
spur  demand,  the  report  says.  But  for  corporate  users,  that 
could  mean  lower  prices  as  new  IP  broadband  carders  such  as 
Level  3  Communications  and  Qwest  Communications  put 
competitive  pressure  on  traditional  carriers  such  as  AT&T  and 
MCI.  For  more  insight,  go  to  www.insight-corp.com. 


Gates  fought  to  tes¬ 
tify  in  private. 


New  Spectrum  services  shift 
maintenance  to  Cabletron 

Company  offers  to  bring  disgruntled  users  up  to  speed  as  part  of  new  service. 


By  Robin  Schreier  Hohman 

Durham,  N.C. 

Cabletron  is  looking  to  chal¬ 
lenge  Tivoli  and  Computer 
Associates  in  the  professional 
services  market  with  the  intro¬ 
duction  of  a  remote  manage¬ 
ment  service  that  promises  to 
take  the  pain  out  of  managing 
Cabletron’s  Spectrum  network 
management  software. 

Under  the  Remote  Spectrum 
Administration  Services  pro¬ 
gram  Cabletron  announced  last 
week,  customers  can  outsource 
Spectrum  enterprise  WAN  and 
LAN  management  to  Cable¬ 
tron’s  Durham,  N.C.,  service 
facilities. 

Managing  far-flung  enter¬ 
prise  systems  is  an  increasingly 
complex  job,  Cabletron  offi¬ 
cials  say.  With  the  new  service, 
Cabletron  will  install,  config¬ 
ure,  trouble-shoot  and  run  the 
Spectrum  system. 

“I  would  rather  spend  my 
time  monitoring  and  design¬ 
ing  and  maintaining  the 
network  than  the  network 
management  platform,”  says 
Kalpesh  Unadkat,  a  computer 
consultant  at  the  University  of 
Michigan  Medical  Center,  a 
hospital  and  medical  school  in 
Ann  Arbor.  Unadkat  estimates 
it  will  take  him  two  to  three 
weeks  to  install  the  Spectrum 
5.0  upgrade  on  his  three 


Spectrum  servers  and  eight 
client  machines. 

One  problem:  security.  Be¬ 
cause  most  of  the  service  is  han¬ 
dled  via  a  remote  link  from  a 
customer’s  site  to  the  Durham 
location,  security  can  be  a  con¬ 
cern.  With  that  in  mind,  how¬ 
ever,  Cabletron  believes  it  has 


“I  would  rather 
spend  my  time  moni¬ 
toring  and  designing 
and  maintaining  the 
network  than  the 
network  management 
platform.  ” 

Kalpesh  Unadkat,  computer  consultant, 
University  of  Michigan  Medical  Center 

built  a  network-industry  Fort 
Knox  in  its  Network  Operations 
Center,  also  called  SmartNOC. 

The  SmartNOC  service  net¬ 
work  is  isolated  from  Cable¬ 
tron’s  internal  network  —  even 
e-mail  between  the  two  systems 
can’t  be  exchanged.  That’s  not 
all.  Before  Cabletron  will  take 
on  new  customers,  it  brings  in 
an  outside  security  company  to 
detect  security  flaws  in  the  cus¬ 
tomer’s  network,  then  sends 


the  customer  a  report  on  how 
to  fix  its  problems. 

The  main  obstacle  Cabletron 
will  face  in  selling  the  new  ser¬ 
vice  is  convincing  people  that 
it’s  OK  to  allow  access  to  their 
networks,  says  Chris  Jackson, 
Director  of  Cabletron’s  Remote 
Management  Services. 

But  Jackson’s  got  an  argu¬ 
ment  for  that:  He  points  out 
that  Cisco  customers  routinely 
let  technicians  dial  in  to  their 
routers  to  solve  problems. 

“When  a  customer  calls  in 
and  says,  ‘I  need  help,’  and 
you  can’t  visually  see  what  he’s 
doing,  it’s  very  frustrating,” 
Jackson  says.  With  the  new  ser¬ 
vice,  a  Spectrum  engineer  can 
log  on  to  your  network  using 
pcAnywhere  connectivity  soft¬ 
ware,  and  see  the  problem. 

The  Remote  Spectrum  Ad¬ 
ministration  Services’  base  fee 
of  $36,000  includes  installation, 
daily  health  checks  for  a  year, 
monthly  backups  onto  tape  or 
disk  and  all  upgrades.  Cus¬ 
tomers  can  buy  extra  service 
hours  at  $200  per  hour  or  in 
packs  of  100  hours  for  $18,000. 

Cabletron  declined  to  predict 
revenue,  but  company  officials 
say  if  they  only  get  a  third  of  the 
installed  Spectrum  base  — 
3,000  users  —  they’ll  generate 
at  least  $36  million  per  year. 

©  Cabletron:  (603)  337-9400 


QUICK  TAKE:  CLUSIERCATS  TURB 


Bright  Tiger  takes  bite  out  of  Web  cluster  prices 


Bright  Tiger  has  just  unveiled  a  low-end  version 
of  its  Web  server  load-balancing  software. 
ClusterCATS  Turbo  clustering  software,  which  sells 
for  $795,  can  spread  processing  across  two 
servers  and  supports  Microsoft’s  Internet 
Information  Server  for  Windows  NT  and  Net¬ 
scape’s  Enterprise  Server  running  on  Solaris. 

The  software  also  supports  server  failover, 
session  state  management  and  remote  manage¬ 
ment  via  ClusterCATS  Explorer. 

Bright  Tiger  also  hopes  to  attack  performance 
problems  with  Microsoft  Active  Server  Pages 
(ASP).  Its  weapon?  A  new  ASP  accelerator  for 
the  low-end  clustering  software  that  will  be  added 
to  the  company’s  higher  end  enterprise  edition. 
The  company  is  also  offering  a  CGI  accelerator. 

Bright  Tiger:  (508)  263-5455  or 
www.brighttiger.com 
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We  put  the  children  of  Appalachia 

ON  THE  INTERNET 

and  Citizen's  Tel  on  the  map. 


In  Brevard,  North  Carolina,  Citizen's  Telephone  used  the  Alcatel  1 100  HSS 8  to  connect  schools  to  the  Internet  and  intro¬ 
duced  local  children  to  a  whole  new  world  of  discovery. 

Providing  high-speed  Internet  access  to  customers  is  a  smart  move.  Citizen's  Tel  deployed  the  Alcatel  1100  HSS 
Multiservice  Network  Switch  and  the  Alcatel  1 100  QIK™  (QUICKFRAD®)  Frame  Relay  Access  Device  to  provide  economical 
high-speed  Frame  Relay  services  and  Internet  access  to  its  corporate,  education  and  government  customers. 


Especially  when  it's  combined  with  a  scalable  integrated  Internet  solution.  Alcatel's  IP@ATM™  strategy,  based 
on  the  emerging  MPLS  (Multi-Protocol  Label  Switching)  standard,  ensures  a  scalable,  integrated  Internet  solution 

that  leverages  Citizen's  existing  routers  while  it  takes 
advantage  of  the  industry-leading,  multiservice 
switching  capabilities  of  the  Alcatel  1100  HSS. 

Bringing  the  Net  to  kids  is  just  one  of 
the  ways  Alcatel  Internet  Solutions  can 
help  your  business.  Alcatel.  If  you're 
on  the  Net,  chances  are  you're 
traveling  on  the  roads  we  built. 


_ T _ 
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News 


is  it  too  late  for  WorldCom’s  MAEs? 

The  company  s  MAE  ATM  upgrades  are  finally  done,  but  most  ISPs  are  proceeding  with  caution. 


experience. 

This  may  be  one  of 
the  reasons  World¬ 
Com  has  run  its  ATM 
beta  trial  at  MAE- 
West  for  nearly  eight 
long  months.  World¬ 
Com  wants  to  be 
absolutely  sure  its 
ATM  services  are 
going  to  give  ISPs  a 
sound  alternative 
before  launching  a 
widespread  deploy¬ 
ment.  Six  national 
ISPs  are  part  of 
WorldCom’s  beta  trial, 
but  the  official  ATM 
service  has  not  been 
turned  on  at  any  of  its 
MAE  sites. 

WorldCom  also 
claims  ISPs  have 
placed  orders  for  the 
ATM  service,  but  says 
the  orders  will  not  be 
filled  until  October. 

But  some  ISPs  say 
they  are  hesitating 
because  they  want  to 
be  sure  the  service  is  as 
good  as  WorldCom  is 
promising. 


SPENDING  SPREE 

WbrldCom  planned  to  spend  $10  million 
over  two  years  to  upgrade  its  two  main 
MAE  points  and  build  a  third.  The  money 
is  pretty  much  gone,  according  to  Dan 
Lasater,  director  of  broadband  appli¬ 
cations  at  WorldCom.  Here’s  what  the 
company  did: 

MAE-East  in  Vienna,  Va.: 

0  Deployed  three  Cisco  BPXATM  switches. 

0  Built  ATM  operations  in  main  WorldCom 
buildings. 

MAE-Central  in  Dallas: 

0  Created  new  facility. 

0  Deployed  two  BPX  switches. 
MAE-West  in  San  Jose,  Calif.: 

0  Deployed  three  BPX  ATM  switches. 

0  Moved  to  a  new  site  with  more  space. 
Other: 

0  Bought  seven  BPX  ATM  switches  to  be 
deployed  at  other  MAE  sites. 

0  Developed  Web  PVC  provisioning  tool. 

0  Deployed  management  system  for 
provisioning  tool. 


By  Denise  Pappalardo 
and  Sandra  Gittlen 

The  ATM  switches  are  in 
and  the  tools  have  been  devel¬ 
oped,  but  WorldCom  is  still 
missing  one  major  ingredient 
that  would  make  its  metropol¬ 
itan  area  exchange  (MAE) 
upgrades  a  success:  the  back¬ 
ing  of  ISPs. 

In  the  past  two  years, 
WorldCom  has  invested  $10 
million  in  its  MAEs  in  San 
Jose,  Calif.,  and  Vienna,  Va., 
in  addition  to  building  a  new 
MAE  in  Dallas  (NW,  Jan.  26, 
page  1).  The  company  also 
equipped  its  MAEs  with  Cisco 
BPX  ATM  switches  as  part  of 
an  overall  move  to  ATM  (see 
graphic). 

But  while  WorldCom  has 
been  busy  deploying  its  ATM 
switches  and  developing  soft¬ 
ware  to  help  users  manage 
their  MAE  connections,  ISPs 
have  not  been  idle. 

Responding  to  user  com¬ 
plaints  about  packet  loss  at  the 
MAEs  and  nationwide  network 
access  points,  ISPs  have 
sought  out  alternatives  such  as 
private  peering  and  the  new 
brokered  private  peering 
approach. 

“ATM  is  a  step  in  the  right 
direction,  but  it’s  not  clear 
that  WorldCom  will  be  able 
to  solve  all  of  the  congestion 
and  loss  problems  at  the 
MAEs  by  simply  adding  ATM,” 
says  Rick  Bubenik,  vice  presi¬ 
dent  of  engineering  at 
St.  Louis-based  ISP  Sawis 
Communications. 

Bubenik’s  skepticism  is 
backed  up  by  mathematics. 


Last  year,  the  traffic  through 
the  MAEs  doubled,  says 
Andrew  Odlyzko,  head  of  the 
mathematics  and  cryptogra¬ 
phy  research  department  at 
AT&T  Labs.  But  this  year  has 
been  a  different  story. 

“The  growth  rate  at  the 
MAEs  should  have  been  50% 
to  60%  this  year.  However, 
it  is  only  20%.  It  has  not 
increased  substantially,  yet 
traffic  on  the  Internet  has 
been  doubling  each  year,” 
Odlyzko  says. 

Turning  the  tide 

WorldCom  is  hoping  to 
attract  more  traffic  to  the 
MAEs  with  its  ATM  upgrades. 
The  company  is  supplement¬ 
ing  its  aging  Digital  FDDI 
GIGAswitches  with  Cisco’s 
BPX  ATM  switches. 

WorldCom  has  also  devel¬ 
oped  a  Web  permanent  virtual 
circuit  tool  to  give  ISPs  more 
control  over  their  bandwidth, 
says  Dan  Lasater,  director  of 
broadband  applications  at 
WorldCom.  The  tool  will  let 
ISPs  adjust  the  faucet  on  their 
ATM  pipe  in  real  time.  With 
FDDI,  ISPs  could  not  control 
their  connections. 

But  even  with  all  these 
improvements  on  the  way, 
WorldCom  is  still  having  a  dif¬ 
ficult  time  wooing  ISPs  back 
to  the  public  peering  side  of 
the  Internet.  WorldCom  has 
to  contend  with  the  fact  that 
not  too  long  ago  ISPs 
had  to  explain  a  nearly  40% 
packet  loss  at  MAE-East  to 
frustrated  users.  ISPs  are  not 
anxious  to  repeat  that 


Keeping  their  options  open 

WorldCom  may  face  an 
uphill  battle  trying  to  lure 
back  ISPs  that  have  switched 
to  private  peering.  In  late 
1995,  UUNET  Technologies, 
MCI  and  GTE  Inter¬ 
networking  led  the  way  in 
developing  private  peering 
agreements  ( NW,  May  5,  1997, 
page  1). 

ISPs  that  have  private  peer¬ 
ing  agreements  typically  have 
two  or  more  high-bandwidth 
dedicated  connections  be¬ 
tween  their  networks,  which 
they  use  to  exchange  traffic. 
Private  peering  offers  busi¬ 
ness  users  more  reliable 
transport  of  their  traffic  over 
the  ’Net. 

While  all  three  aforemen¬ 
tioned  ISPs  still  have  connec¬ 
tions  at  the  MAEs,  the  traffic 
carried  on  the  MAE  connec¬ 
tions  today  is  inconsequential 
compared  with  the  ISPs’  total 
traffic. 

But  now  another  group  of 
ISPs,  led  by  Sawis,  is  develop¬ 
ing  brokered  private  peering 
(BPP). 

The  approach  is  yet  another 
alternative  to  public  peering. 


BPP  aims  to  establish  at  least 
nine  exchange  points  around 
the  country  in  a  tic-tac-toe  pat¬ 
tern  in  which  ISPs  will  peer, 
says  Dorn  Hetzel,  director  of 
network  architecture  at  Epoch 
Internet. 

ISPs  that  join  the  BPP  plan 
will  be  interconnecting  under 
a  more  stringent  set  of  rules 
than  those  imposed  at  public 
peering  sites,  he  says. 

In  order  to  ensure  packets 
are  not  dropped,  the  ISPs 
will  be  connecting  to  BPP 
using  high-speed  ATM  con¬ 
nections.  The  ISPs  will  also 
have  to  carry  users’  traffic 
as  far  as  possible  on  their 
own  networks  before  simply 
dumping  it  onto  the  peering 
points,  Hetzel  explains. 

Getting  back  on  track 

WorldCom  realizes  that 
competition  to  control  Inter¬ 
net  traffic  is  coming  from 
all  corners  of  the  industry, 
and  that  users  stand  to 
benefit  from  the  competition. 
ISPs  and  users  like  the 
idea  of  WorldCom  finally 
upgrading  its  peering  points 
to  a  more  robust  and  scalable 


ATM  technology. 

One  of  the  biggest  benefits 
of  ATM  is  the  higher  band¬ 
width  that  can  be  supported. 
“If  you  can  bring  in  one 
OC-12  line  for  your  traffic, 
it’s  more  efficient  than  having 
a  bunch  of  OC-3s  in  terms 
of  price  and  performance,” 
says  John  Curran,  chief 
technical  officer  at  GTE 
Internetworking. 

FDDI,  which  WorldCom  has 
historically  used  at  all  of  its 
MAE  sites,  hits  the  ceiling  at 
100M  bit/sec.  The  MAEs’ 
ATM  services  start  at  45M 
bit/sec  and  range  up  to  622M 
bit/sec,  WorldCom’s  Lasater 
says.  WorldCom  also  plans  on 
supporting  OC-48  ATM  ser¬ 
vices  in  the  near  future,  he 
says. 

“ATM  makes  us  reevaluate 
whether  it  makes  more  sense 
to  go  to  more  public  peering,” 
GTE’s  Curran  says. 

If  the  MAEs  become  more 
reliable  and  less  congested, 
GTE  Internetworking  may 
consider  leaving  traffic  at  the 
MAEs  and  slow  its  move 
away  from  the  public  sites, 
Curran  says. 

One  enterprise  user  is 
looking  at  eliminating  the 
middleman  —  his  ISP  —  to 
reap  the  benefits  of  an 
ATM  MAE.  “We  are  thinking 
about  collocating  at  MAE- 
West,”  says  Mark  Sanders, 
director  of  MIS  at  Meta- 
Creations,  a  Carpinteria, 
Calif.-based  graphics  tool 
developer. 

Today,  MetaCreations  collo¬ 
cates  its  servers  with  Digex, 
Intermedia  Communications’ 
ISP  subsidiary.  However, 
Sanders  believes  deploying 
a  server  at  MAE-West  may 
improve  Internet  traffic  per¬ 
formance  because  he  will 
be  able  to  send  his  Internet 
traffic  directly  to  a  variety 
of  ISPs. 

But  other  users  just  don’t 
like  the  idea  of  public  peering 
points. 

“On  paper,  ATM  should  be 
better,  but  I’ll  wait  and  see,” 
says  Dwight  Gibbs,  chief  tech¬ 
nical  fool  at  online  financial 
advisor  The  Motley  Fool.  “In 
the  meantime,  I’m  still  ham¬ 
mering  away  at  my  ISP  to  do 
private  peering. 

“There’s  still  the  problem 
at  the  MAEs  that  you  don’t 
know  who  to  blame  if 
there’s  a  problem,”  Gibbs 
says.  “If  something’s  wrong 
at  the  private  peering 
point,  you  know  who  to 
blame.”  ■ 


For  the  answer  to 
this  week’s  question  and  more 
net  trivia,  visit  Network  World  Fusion  and 
enter  2349  in  the  DocFinder  box. 


n/s  week  s  question: 

This  Dallas  management  software  company 
has  made  29  acquisitions  since  its  formation 
in  1981.  Name  this  company. 
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Now  there’s  an  affordable 


Token  Ring  switch 
with  the 
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If  you  need  a  switch  for  your  backbone,  branch  offices  or  to 
increase  performance  anywhere  in  your  network,  Madge 
Networks  has  the  ideal  solution  -  the  Smart  Ringswitch  Express. 

We’ve  designed  a  Token  Ring  switch  that  is  everything 
you  need:  affordable,  powerful  and  easy  to  integrate  into  any 
Token  Ring  network.  And  we  haven’t  stopped  there.  At  no 
extra  cost,  the  Smart  Ringswitch  Express  comes  loaded  with 
advanced  control  features  and  graphical  point-and-click 
management. 

These  include  Madge’s  unique  Active  Broadcast  Control 
(ABC’*)  which  improves  workstation  performance  by 

ittf  automatically  filtering  unnecessary  broadcast  traffic. 

Vs'  •  •  ** 

w  \  And  /////Remote  MONitoring  support  (RMON) 

‘ •  1 1  *'  which  provides  you  with  the  insight  you  need  to 


get  proactive  in  managing  your  network. 

In  addition,  this  remarkable  new  Token  Ring  switch  is 
High  Speed  Token  Ring  ready  and  has  a  full  1.5Gbps 
switching  capacity  -  over  three  times  that  of  other  switches 
in  its  class. 

So  the  decision  is  easy.  Whether  your  network’s  handling 
transactions  worth  millions  of  Dollars  or  simply  running  office 
applications,  the  Smart  Ringswitch  Express  is  the  affordable 
choice  for  scaling  performance  -  now  and  into  the  future. 

For  more  information  on  the 
Smart  Ringswitch  Express -call  now 
on  1  -800-TR-MADGE  or  visit  our  Web  site 
at  http://www.madge.com  or  email  us 
at  reply@madge.com  Madge  Networks 


©  Copyright  1 998  Madge  Networks.  All  Rights  Reserved.  Madge,  the  Madge  logo,  ABC,  “HSTR  Ready"  and  Smart  Ringswitch  Express  are  trademarks,  and  in  some  jurisdictions  may  be  registered  trademarks  of  Madge  Networks  or  its  affiliated  companies. 
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Let’s  talk  servers. 

Workgroups ,  departments,  enterprise,  networks... 

Let's  talk  reliability. 

Integrated  server  management,  RAID  options,  built-in  high  availability  features 

Let's  talk  solutions. 

Great  servers  plus  custom  configured  desktops  and  notebooks - 


Let’s  talk  about  your  Gateway^ 


Whether  you're  supporting  a  twenty  person  workgroup,  or  a  2,000  person  enterprise  network,  you  know 
there's  nothing  more  important  than  the  fast,  reliable  flow  of  information.  Which  is  why  you  should  make 
Gateway  your  technology  partner.  Based  on  more  than  a  decade's  worth  of  award-winning  server 
technology,  the  Gateway  ALR®  Server  Series  combines  unbridled  performance  with  intrinsic  reliability.  Even 
our  entry-level  workgroup  servers  feature  integrated  server  management,  outstanding  flexibility,  and 
support  for  advanced  multiprocessor  technology.  Pair  these  servers  with  our  enterprise  desktops  and  award-winning 
notebooks,  and  you’ve  got  a  complete  workgroup  solution  priced  to  put  a  smile  on  your  face.  To  find  out  more, 
visit  your  local  Gateway  reseller  today.  Or  call  us.  Let's  talk  business. 
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Solutions  Custom  Made  for  Today’s  Business  World. 


E-Series  Network-Ready 
Enterprise  PCs 

E-4200  350 

■  Intel®  Pentium®  II  Processor 
350MHz  with  512KECC  Cache 

■  128MB  SDRAM 

■  EV700 .28  Screen  Pitch 

17”  Monitor  (15.9”  viewable) 

■  8.4CB  UltraATA  Hard  Drive 

■  13Xmin/32Xmax 
CD-ROM  Drive 

■  3Com®  10/100 
Ethernet  Adapter 

■  E-Series  Mid-Tower  Case 

■  DM12.0  Compliant  and  Intel 
LANDesk®  Client  Manager  3.1 


Solo ®  Portable 
Computers 

I  9100LS 

■  14.1”  XCA  TFT  Color  Display 

■  Intel  Pentium  II  Processor 
233MHz  with  512K  Cache 

■  32MB  SDRAM 

■  Removable  2CB  EIDE  Hard  Drive 

■  Modular  8X  min/ 

20  max  CD-ROM  Drive 

■  Lithium  Ion  Battery  &  AC  pack 

■  NTSC/PAL  Video  Input/Output 

■  PC  Card  Fax  Modem 


ALR  Series  Workgroup 

Server 

ALR  7200350 

■  Intel  Pentium  II  Processor 
350MHz  with  512K  Cache 

■  SMP-Compliant 
(expandable  to  two  processors) 

■  100MHz  Data  Bus 

■  ECC  Memory  Subsystem  with 
64MB  SDRAM  DIMM  Memory 

■  Integrated  Ultra2  SCSI  support 

■  Integrated  Video 

■  Integrated  10/100  Ethernet 
Adapter 

■  InforManager™  Server 
Management  System 

■  Rack-mount  conversion  available 


ALR  Series  Enterprise-Class 

Server 

ALR  9000 

■  Intel  Pentium  Pro  Processor 
200MHz  with  1-MB  Cache 

■  SMP-Compliant  design  supports 
Six  Pentium  Pro  processors 

■  ECC  Memory  Subsystem  with 
128MB  DIMM  Memory 

■  1050-Watt  hot-pluggable  N+1 
Power  Supply  (700-Watt  usable) 

■  Fourteen-Bay  Double-Wide 
Server  Chassis 

■  Six  hot-plug  ready  drive  bays 
standard,  expandable  to  twelve 

■  InforManager™  Server 
Management  System 

■  ActiveCPR  processor  fail-over  and 
server  auto-recovery 


s  talk  about  your 


www.gatewaypartners.com 


call  800-444-4257 

©1998  Gateway  2000,  Inc.  All  rights  reserved.  Gateway  and  the  Gateway  stylized  logo  are  trademarks  of  Gateway  2000,  Inc.  Not  all  Gateway  systems  contain  the  Pentium  II  processor.  The  Intel  Inside 
Logo,  Intel,  LANDESK  and  Pentium  are  registered  trademarks  of  Intel  Corporation.  All  other  brands  and  product  names  are  trademarks  or  registered  trademarks  of  their  respective  companies.  Many 
Gateway  products  are  custom  engineered  to  Gateway  specifications,  which  vary  from  the  retail  versions  of  the  software  and/or  hardware  in  functionality,  performance  or  compatibility.  Some  products 
and  services  may  not  be  available  for  all  international  locations.  All  prices  and  configurations  are  subject  to  change  without  notice  or  obligation.  Prices  do  not  include  shipping  or  handling  or  any  applica¬ 
ble  taxes  unless  otherwise  noted.  All  prices  in  U.S.  dollars.  See  Gateway  GSA  Schedule  for  additional  terms  and  conditions.  Gateway  sample  configuration  prices  shown  are  in  accordance  with  the  Price 
Reduction  Clause  and  include  shipping  F.O.B.  U.S.  destination. 
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_ News _ 

Users  offer  ship  date  advice 


By  Paul  McNamara  and  John  Cox 

It  may  be  today’s  most 
often-asked  yet  unanswerable 
IT  question:  When  will  Micro¬ 
soft  deliver  Windows  NT  5.0? 
After  a  handful  of  delays, 
Microsoft  now  refuses  to  say, 
at  least  publicly. 

NT  5.0  is  just  the  latest  in  a 
string  of  important  products 
that  hlew  well  past  their  original 
ship  dates,  including  sundry 
versions  of  Lotus  Notes,  Win¬ 
dows  95  and  Microsoft  Ex¬ 
change.  Some  key  technologies, 
such  as  IBM’s  Workplace  OS, 
never  even  saw  the  light  of  day 
despite  the  announcement  of 
firm  ship  dates. 

All  of  which  leads  to  this 
question:  What  do  customers 
want  and  expect  from  vendors 
in  terms  of  setting  and  honor¬ 
ing  product  delivery  dates? 

Customers  want  deadlines 
met,  of  course,  but  most  net¬ 
work  managers  have  been 
around  the  block  often  enough 
to  know  that’s  always  an  iffy 
proposition. 

“What  would  make  sense  are 
regular  updates  if  products  are 
behind  schedule,”  says  Jim 


Santiago,  assistant  vice  presi¬ 
dent  of  information  services  at 
AEW  Capital  Management  in 
Boston.  “Usually  vendors  don’t 
give  you  any  information  until 
the  deadline  passes.” 

Vendors  may  want  to  con¬ 
sider  more  of  a  “windowing” 
approach  to  their  shipment 
projections,  says  Ron  Kane,  pro¬ 
ject  director  of  new  technology 
for  the  city  of  San  Francisco. 

“Maybe  it’s  time  to  have  two 
types  of  release  dates,  one  esti¬ 
mated  early  on  and  then  an 


actual  release  when  it  looks 
like  things  are  really  going  to 
happen,”  Kane  says. 

More  detailed  information 
issued  further  in  advance 
would  also  be  useful,  accord¬ 
ing  to  another  IT 
manager. 

“It  would  help  if 
vendors  could  pub¬ 
lish  product  release 
road  maps  with  fea¬ 
tures  planned  and 
dates  of  the  alpha, 
beta  and  first  cus¬ 
tomer  ship  releases 
for,  say,  two  years,” 
says  Bruce  Reed, 
manager  of  techni¬ 
cal  services  at 
Intrinsa  in  Moun¬ 
tain  View,  Calif.  “However,  that’s 
not  realisdc  in  today’s  environ¬ 
ment”  of  rapid  technological 
advancements  and  fierce  com¬ 
petition,  he  adds. 

As  for  other  advice  for 
vendors,  customers  inter¬ 
viewed  say  vendors  should  do 
the  following: 

•  Resist  the  temptation  to 
not  issue  a  date.  When  cutting- 
edge  technology  matters,  plan- 


-  Microsoft 
Windows  95 

“Acknowledged”  at  the  end  of  1993 
and  delivered  in  August  1995,  Windows 
95  was  one  of  the  most  anticipated 
late  products  in  recent  years. 


ning  for  its  arrival  is  important. 

•  Be  realistic.  A  wildly  opti¬ 
mistic  date  may  help  vendors 
freeze  markets  but  not  with¬ 
out  paying  the  price  of  lost 
credibility. 

•  Be  candid.  If  it’s  known 
beforehand  that  a  promised 
feature  will  not  make  the  final 
release,  tell  customers  early  so 
they  can  adjust. 

•  Put  quality  and  stability 
first.  The  usability  of  a  product 
is  more  important  than  meet¬ 
ing  deadlines. 


Microsoft,  for  its  part, 
believes  that  holding  out  on 
NT  5.0’s  due  date  is  the  com¬ 
pany’s  only  responsible  course, 
given  the  product’s  well-docu¬ 
mented  complexity. 

“If  we  were  to 
announce  a  date, 
that  would  show 
we  aren’t  serious 
about  quality,”  NT 
5.0  architect  Mark 
Brown  recently  told 
Network  World. 

While  agreeing 
with  Brown  in 
principle,  not  every 
case  is  clear-cut, 
according  to  Phil 
Gibson,  director  of 
InterActive  Market¬ 
ing  at  National  Semiconductor 
in  Santa  Clara,  Calif. 

“If  it’s  a  breakthrough  tech¬ 
nology  and  there’s  no  way  to 
do  the  job  otherwise,  then  I 
really  do  care  about  the  release 
date,”  Gibson  says.  “If  they  miss 
it,  that  makes  me  miss  my 
schedules  one  for  one.” 

Gibson  has  his  own  equation 
for  applying  a  reality  adjust¬ 
ment  to  vendor  promises.  “I 


Apple 

Macintosh  OS  8 
Originally  called  Copland  when 
announced  in  1994,  Mac  users 
had  to  wait  three  years  until  its 
release  last  summer. 


always  sandbag  their  delivery 
dates  by  at  least  nine  months,” 
he  says. 

Others  are  even  more  cir¬ 
cumspect. 

“We  don’t  make  plans  based 
on  vendor  announcements, 
because  it’s  so  common  for 
things  to  be  late,”  says  Angel 
Cortez,  senior  systems  analyst  at 
Nordstrom,  a  Seattle-based 
retailer.  “Our  planning  really 
starts  when  we  get  the  actual 
product.  That’s  because  you 
don’t  always  end  up  with  what 


the  vendor  says  you’re  going  to 
get  in  the  final  release.” 

Getting  promised  features  in 
a  product  “is  probably  more 
important  than  getting  it  out 
in  a  timely  fashion,”  says  Jerry 
Fain,  manager  of  information 
technology  at  Winter,  Wyman 
&  Co.  in  Waltham,  Mass.  He 
would  like  to  see  vendors 
be  more  forthcoming  about 
features  that  fall  off  the  draw¬ 
ing  board. 

They  also  shouldn’t  “force  a 
product  out  the  door  because 
that’s  worse  than  missing  a 
deadline,”  Fain  adds.  “It’s  an 
administrator’s  nightmare  to 
put  something  in  that  causes 
headaches.” 

The  better-late-than-lousy 
camp  has  plenty  of  members. 

“From  the  technology  stand¬ 
point,  I  prefer  something  that 
is  really  working”  to  making  an 
arbitrary  delivery  date,  says 
Kevin  Chou,  an  independent 
consultant  in  New  York. 

It  isn’t  necessarily  the  major 
operating  system  upgrades 
that  most  concern  customers. 
For  example,  San  Francisco’s 
Kane  says  his  department  is 
anxiously  awaiting  the  release 
of  the  Domino  5.0  messaging 
and  Web  application  server 
from  Lotus,  a  company  that 
has  had  trouble  meeting 
Notes  and  Domino  delivery 
dates  in  the  past. 

“If  Domino  5.0  slips,  that 
would  be  of  more  concern 
than  an  NT  5.0  slip,”  Kane  says. 

Many  organizations  would 
rather  bypass  delivery  date 
uncertainties  altogether. 

For  example,  the  NT  delays 
won’t  have  any  impact  at  snack 
maker  Nabisco  “because  NT 
5.0  isn’t  even  budgeted  for 
yet,”  says  Joe  Brand,  lead  LAN 
analyst  at  the  company  in 
Parsippany,  N.J.  “We’d  never 
even  make  a  deployment  pro¬ 
posal  to  senior  management 
until  it  was  ready.” 

And  customers  are  not  the 
only  parties  that  have  a  stake  in 
delivery  date  promises. 

“The  software  industry  is  a 
well-knit  network,”  says  Eric 
Brown,  an  analyst  with  Forrester 
Research  in  Cambridge,  Mass. 
“If  I  am  a  software  vendor  bank¬ 
ing  on  the  next  great  version  of 
my  product,  but  it  is  dependent 
upon,  for  example,  Active 
Directory,  I  have  a  problem.” 

The  bottom  line  for  satisfy¬ 
ing  independent  software  ven¬ 
dors  and  corporate  users 
should  be  obvious,  according 
to  Chris  Miller,  senior  systems 
manager  at  Catalyst  Solutions 
Group  in  St.  Louis. 


Great  late  software  products  over  the  years 


Lotus 

1-2-3/G 

Originally  announced  in  1987, 
the  first  GUI  version  of  Lotus 
1-2-3  was  not  shipped  until 
September  1990. 

3 — S' 


1987 


Microsoft - 

Microsoft  Exchange  Server 
Announced  in  June  1994  and  initially  promised 
to  ship  in  late  1994.  It  didn’t  ship  until  April 
1996.  Microsoft  cited  “development  complexity 
of  new  product  line”  as  the  cause  for  delay. 


Microsoft 
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Microsoft— 

Wolfpack 

Announced  in  early  1996,  the  Windows  NT 
server  clustering  technology  was  not  delivered 
until  the  last  quarter  of  1997. 


National  Semiconductor’s 
Gibson  has  his  own  for¬ 
mula  to  determine  dates. 


“Exceeding  the  customer’s 
expectation”  should  be  the 
ultimate  goal  of  vendors, 
Miller  says.  “Tell  people 
it’s  going  to  be  delivered 
in  November  and  come  out 
with  it  in  September  if  you 
can,”  he  says.  ■ 
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INTELLIGENT  CAPACITY  ISDN  by  day...  56K  modems  by  night...  Different  times  of  day,  different  kinds  of 

traffic.  Plus,  you've  got  to  take  care  of  leased  lines,  frame  relay,  and  new  technologies  like  Voice  over  IP  and 
xDSL.  What  you  need  is  one  box  intelligent  enough  to  handle  it  all. 
r  Introducing  the  PortMaster'M  Integrated  Access  Concentrator.  Its 
ultra-high  port  density  and  innovative  "any  service,  any  port,  any  time"  design  gives  you 
optimal  port  utilization  (which  means  fewer  missed  revenue  opportunities).  It  also 
runs  on  the  most  stable  operating  system  in  the  business,  Lucent's  ComOS?  Pretty 
smart,  huh?  To  find  out  more,  visit  our  website  at  www.lucent.com/dns/portmaster 

or  call  1  888  737  5454  We  make  the  things  that  make  communications  work.™ 
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News 


Suing  a  spammer  requires  finding  him  first 


Washington  state  statute  promises  to  prevent  rampant  spamming  by  fining  senders  per  e-mail  message. 


By  Paul  McNamara 

Issaquah,  Wash. 

Here’s  the  theory:  Give  every 
e-mail  recipient  in  the  state  of 
Washington  the  legal  fire¬ 
power  to  sue  junk  e-mail 
senders,  and  watch  those  spam¬ 
mers  scurry  for  cover. 

The  problem,  however,  is 
that  many  spammers  are 
already  undercover.  They’re 
so  well-hidden,  in  fact,  that 
simply  finding  them  can  be  a 
challenge  for  those  wanting  to 
sue  using  Washington’s  new 
antispam  law.  As  for  collecting 
an  actual  court  judgment, 
that  may  make  the  initial  hunt 
look  relatively  easy. 

Nevertheless,  early  users  and 
proponents  of  the  Washington 
law  believe  it  holds  great 
promise  for  frightening  a  lot  of 
spammers  into  at  least  behav¬ 
ing  better,  even  if  it  won’t 
bankrupt  many  of  them. 
Passed  earlier  this  summer,  the 
statute  allows  Washington  resi¬ 
dents  to  sue  spammers  in  civil 
or  small  claims  court.  Penalties 
of  $500  per  spam  message  paid 
to  recipients  and  $1,000  per 
message  paid  to  e-mail  account 
providers  may  be  tripled  by  a 
judge. 

The  law  requires  senders  to 
determine  whether  an  e-mail 
address  resides  in  Washington, 
which  can  be  a  difficult  task. 
Antispam  activists  believe, 
therefore,  that  the  less  brazen, 


more  amateurish  spammers 
outside  of  Washington  could 
simply  stop  spamming  alto¬ 
gether  rather  than  risk  run¬ 
ning  afoul  of  the  statute. 

“Whether  or  not  we 
end  up  collecting 
lots  of  money,  we 
want  to  make  it  clear 
that  there  is  an 
economic  downside 
to  sending  spam.  ” 

Adam  Engst,  publisher,  TidBITS 

There  are  early  signs  that 
deterrence  may  indeed  be  a 
byproduct.  After  merely  threat¬ 
ening  to  sue,  one  Washington 
resident  reportedly  received 
$200  from  a  company  that  had 
sent  him  spam. 

“Whether  or  not  we  end  up 
collecting  lots  of  money,  we 
want  to  make  it  clear  that 
there  is  an  economic  down¬ 
side  to  sending  spam,”  says 
Adam  Engst,  who  last  month 
filed  the  first  actual  lawsuit 
based  on  the  statute.  Engst  is 
publisher  of  TidBITS,  an  elec¬ 
tronic  newsletter  that  focuses 
on  Macintosh  and  Internet 
issues. 


The  target  of  his  civil  suit  is 
WorldTouch  Network,  a  Los 
Angeles-based  company  that 
peddles  a  product  called  Bull’s 
Eye  Gold,  which,  ironically 
enough,  is  used  by  spammers 
to  harvest  e-mail  addresses  off 
of  Web  pages.  Engst  says  he 
and  three  colleagues,  who  are 
also  parties  to  the  suit,  received 
about  100  copies  of  the  Bull’s 
Eye  spam  in  a  single  month. 

“We  had  no  trouble  finding 
WorldTouch  as  far  as  identify¬ 
ing  them  for  the  lawsuit,” 
Engst  says,  noting  that  the 
company’s  phone  number  and 
address  were  in  the  spam. 
However,  he  adds,  “We  have 
not  been  able  to  find  the  prin¬ 
cipal  of  the  organization.” 

That  would  be  Christopher 
Lee  Knight,  a  man  notorious 
among  antispam  activists  for 
the  high  volumes  and  repeti¬ 
tiveness  of  the  unsolicited 
commercial  e-mail  he  sends. 
California  law  requires  that 
the  principal  of  an  unincor¬ 
porated  company  be  person¬ 
ally  served  notice  of  a  civil 
suit. 

“He  is  one  of  the  most 
reviled  spammers  so  far  as  I 
can  tell  from  reaction  that 
we’ve  gotten  to  this  lawsuit,” 
says  Brady  Johnson,  Engst’s 
attorney. 

Messages  left  last  week  by 
Network  World  for  Knight  at 
WorldTouch  were  not  returned. 


QUICK  TAKE:  FIRSTCLASS  INTRANET  SERVER  5.5 


SoftArc  beefs  up  intranet  server 

Customers  will  find  a  passel  of  new  and  useful 
Internet  messaging  features  tucked  inside  the 
latest  version  of  FirstClass  Intranet  Server  (FCIS) 
from  SoftArc,  according  to  beta  testers. 

SoftArc  last  week  began  shipping  FCIS  5.5. 

New  features  include  message  collection  from  a 
remote  Internet  mail  server  through  dial-up  Simple 
Mail  Transfer  Protocol  support;  Java-based  chat; 
support  for  Lightweight  Directory  Access  Protocol; 
and  a  bundled  FirstClass  Rapid  Application 
Developer,  which  is  a  tool  set  for  creating  intranet 
applications  and  enterprise  database  interfaces. 

Beta  tester  Sean  Murphy,  project  director  at 
Emory  University  in  Atlanta,  says  the  FCIS  5.5 
client  interface  “looks  better  and  is  more 
configurable"  than  the  current  version.  The  Web  interface  has  also  been  improved,  he  adds. 

FCIS  costs  $995  plus  a  per-user  fee  of  $35  to  $70  depending  on  the  size  of  an  installation.  Discounts  are 
available  for  educational  institutions. 

SoftArc:  (905)  415-7000 
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Johnson  says  he  was  told  last 
week  that  the  company’s  L.A. 
office  is  sporting  a  new  “out  of 
business”  sign,  although  he  has 
not  been  able  to  confirm  that 
development. 

“We’re  still  trying  to  track 
down  Knight’s  home”  by 
using  a  process  server,  John¬ 
son  says.  “I  think  we’re  closing 
in,  and  I  have  good  reason  to 
be  very  optimistic  that  we’ll 
have  him  probably  within  the 
week.” 

Should  they  fail,  however, 
the  plaintiffs  may  still  fulfill 
their  obligation  to  notify 
Knight  by  publishing  ads  in 
L.A.  newspapers  and  legal 
journals. 

All  of  this  can  get  expensive 
and  time-consuming. 


Nevertheless,  Engst  and 
Johnson  do  not  believe  such 
difficulties  should  or  will  dis¬ 
courage  others  from  using  the 
law.  They  do,  however,  ack¬ 
nowledge  that  even  the  most 
determined  spam  fighters  have 
their  limits. 

“Where’s  your  cut-off?” 
Engst  asks.  “How  much  money 
do  you  want  to  spend  in  trying 
to  track  this  guy  down?” 

Paul  Hoffman,  director  of 
the  Internet  Mail  Consortium, 
believes  that  antispammers  will 
relish  the  opportunity  granted 
them  by  the  Washington  law. 

“It  takes  somebody  who  is 
willing  to  go  out  on  a  limb,” 
Hoffman  says.  “These  are 
people  who  really  care  about 
the  Internet.”  ■ 


How  Hormel  slices  it 

What’s  the  difference  between  spam  and  SPAM? 
One  is  an  unappetizing  mass  of  dubious 
byproducts  that  most  people  find  disgusting. 
The  other  is  a  popular  luncheon  meat. 

While  veterans  of  the  war  against  junk  e-mail  certainly 
know  the  difference,  Hormel  Foods,  the  maker  of  SPAM, 
is  intent  on  drawing  the  distinction  more  dearly  for  the 
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Will  the  real  SPAM  please  stand  up ? 


masses.  Hormel  recently  posted  a  Web  site  dedicated 
exclusively  to  its  brand  of  SPAM  (www.spam.com).  The 
site  also  explains  the  company’s  take  on  e-mail  spam. 

“We  do  not  object  to  use  of  this  slang  term  to  describe 
UCE  [unsolicited  commercial  e-mail] ,  although  we  do 
object  to  the  use  of  our  product  image  in  association  with 
that  term,”  Hormel  huffs.  “Also,  if  the  term  is  to  be  used, 
it  should  be  used  in  all  lowercase  letters  to  distinguish  it 
from  our  trademark  SPAM,  which  should  be  used  with  all 
uppercase  letters.” 

Got  that? 

—  Paul  McNamara 
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Briefs 


■  Allied  Telesyn  con¬ 
tinues  to  push  into  the  conver¬ 
sion  market,  this  time  with  two- 
port  switches  that  convert 
1 0/1 OOM  bit/sec 
Ethernet  over  cop¬ 
per  to  Fast  Ethernet 
over  fiber.  Each  switch 
will  cost  less  than  $400  and  sport 
one  port  of  10/100M  bit/sec  cop¬ 
per  and  one  of  1  OOM  bit/sec  fiber, 
for  ST  or  SC  fiber  connections. 
The  AT-FS20x  switches  provide 
full-wire  speed  forwarding  and 
filtering  at  148,000  packet/sec  for 
Fast  Ethernet  and  14,800  pack¬ 
et/sec for  Ethernet.  They  support 
more  than  8,000  media  access 
control  address  table  entries, 
and  can  provide  a  full-duplex 
link  to  any  device. 

(?)  Allied  Telesyn:  (800)  424- 


■  Support  for  NetWare  5. 0  and 
Windows  NT  Console  are  among 
the  highlights  of  Manage- 
Vtfise  2.6,  Novell's 
network  manage¬ 
ment  product,  which 
the  firm  began  shipping  last 
week.  The 
new  version 
uses  SNMP 
alarms  to  let 
customers 
monitor 
problems 
that  crop  up 
in  Novell 
Directory 
Services.  It  also  has  been 
designed  to  operate  better  with 
ZENworks,  Novell’s  desktop  man¬ 
agement  and  software  distribu¬ 
tion  product.  ManageWise  2. 6, 
which  is  Year-2000  compliant, 
costs  $795 for  a  five-user  license. 

(?)  Novell:  ( 801)429-7000 


ManageWise  2.6 


■  The  Wireless  LAN 

Alliance  has  completed  a 
study  that  details  the  return  on 
investment  from  wireless  LAN 
technology.  The  study  found 
wireless  LANs  generally  pay  for 
themselves  in  less  than  a  year, 
through  productivity  gains  or 
avoidance  of  wired  LAN  costs. 
The  alliance’s  director,  Mack 
Sullivan,  says  wireless  LANs  are 
poised  for  big  growth  in  the  area 
of  general  office  networking. 


In- Sit e _ 

Graphics  house  paints  bright  gigabit  future 


Van  Allen  wouldn ’t  mind  gigabit  to  the  desktop. 


By  Robin  Schreier  Hohman 

Irvine,  Calif. 

If  you  ask  Corey  Van 
Allen  about  the  old 
days,  before  he  put  four 
Foundry  Networks’  Giga¬ 
bit  Ethernet  switches 
into  his  network,  he’ll 
tell  you  about  them,  but 
he’s  not  really  reminisc¬ 
ing.  It’s  more  like  he’s 
reliving  a  nightmare. 

Van  Allen,  the  net¬ 
work  manager  at  Pri¬ 
mary  Color,  a  prepress 
graphics  house  based 
here,  says  that  his  old 
network  ran  on  10M 
bit/  sec  Cisco  Ether- 
Switch  1220  switches.  With 
graphics-intensive  files  top¬ 
ping  900M  bytes  and  more, 
the  network  couldn’t  even 
move  most  of  the  stuff. 
Instead,  Van  Allen  had  to  run 
jobs  off  removable  media, 
forcing  his  production  people 
to  carry  around  Jazz  disks  as  if 
they  were  newborn  infants. 


There  they  were,  Van  Allen 
remembers,  running  to  one 
machine  for  color  retouching, 
then  to  another  for  page  lay¬ 
out,  then  to  another  for  out¬ 
put.  Then  it  was  back  to  square 
one,  picking  up  another  job  as 
the  output  machine  spent  all 
day  churning  out  a  customer 
proof.  If  everything  went  well. 


they  would  plop  the 
Jazz  drives  into  the 
archive  bin.  And  later,  if 
someone  needed  that 
Jazz  disk,  well,  pity  the 
poor  archivist. 

Getting  committed 

Late  last  year  Van 
Allen  committed  him¬ 
self  to  finding  a  Gigabit 
Ethernet  box  that 
would  take  the  load  off 
his  people  and  move  it 
to  the  network. 

After  going  through 
several  vendors  that 
promised  him  the 
moon  but  didn’t  deliver, 
Van  Allen  turned  to  Foundry. 

He  solved  his  sneakernet 
problem  by  installing  a  Turbo- 
Iron  switch  with  a  switching 
capacity  of  4.2G  bit/sec  and 
four  Gigabit  Ethernet  ports  in 
the  backbone.  One  port  goes 
to  a  Sun  Enterprise  3000 
server;  the  others  go  to  three 
Fastlron  stackable  switches. 


The  Fastlron  switches,  which 
have  16  10/1  OOM  bit/sec 
ports  and  one  Gigabit  Ether¬ 
net  uplink,  connect  to  desk¬ 
tops  and  output  devices. 

Van  Allen,  who  also  gave  his 
workstations  (a  combination  of 
Macs  and  PCs)  a  boost  with 
100M  bit/ sec  network  interface 
cards,  expected  some  colli¬ 
sions,  but  hasn’t  had  a  problem 
since  the  switches  went  in,  in 
December.  Primary  Color’s  sec¬ 
ond  site,  in  Culver  City,  Calif., 
has  a  mirror  network  and  will 
soon  have  Foundry’s  Biglron 
4000  as  well.  The  Biglron  4000 
is  a  chassis-based  switch,  and  so 
far  Van  Allen  plans  to  populate 
it  with  two  24-port  10/1  OOM 
bit/sec  blades  and  one  four- 
port  Gigabit  Ethernet  blade. 
He  expects  to  get  the  switch  in 
about  a  month. 

But  his  real  nirvana,  he  says, 
will  come  when  he  can  go 
Gigabit  to  the  desktop.  In  fact, 
he  can’t  wait. 

©  Foundry:  (888)  887-2652 


Win  TSE:  The  good  and  the  bad 


By  John  Cox 

Although  demand  for  Micro¬ 
soft’s  software  for  Windows  ter¬ 
minals  is  growing,  some  users 
and  resellers  are  grousing 
about  last-minute  distribution 
delays,  higher  than  expected 
costs,  inflexible  licensing  and  a 
long  wait  before  important  new 
features  will  be  added. 

Windows  NT  Server  4.0, 
Terminal  Server  Edition  (TSE) 
is  now  shipping  in  quantity, 
after  an  array  of  delays  in  the 
distribution  channel.  Microsoft 
says  the  delays  were  due  partly 
to  the  fact  that  some  distribu¬ 
tors  apparendy  did  not  order 
enough  copies  to  meet  the 
pent-up  demand. 

Pricing  is  still  a  concern  for 
some  customers,  especially  for 
those  using  TSE’s  predecessor, 
Citrix  Systems’  WinFrame,  and 
for  those  that  have  not  yet 
adopted  Windows  NT  Work¬ 
station  4.0  as  their  desktop  stan¬ 


dard.  Each  TSE  user  must  have 
a  full  complement  of  NT  li¬ 
censes,  which  could  cost  up  to 
$8,450  per  person,  even  if  the 
user  is  only  casually  accessing 
applications  from  the  home  or 
over  the  Internet. 

In  light  of  that  cost,  some 
customers  are  sticking  with 
WinFrame,  which  is  based  on 
NT  Server  3.51. 

“One  IS  Manager  said  to  me, 
and  I  quote,  ‘I’ll  be  damned  if 
I’m  going  to  spend  $40,000  on 
NT  Workstation  licenses  just  to 
get  the  NT  4  interface,’  ” 
according  to  a  systems  integra¬ 
tor  who  specializes  in  thin-client 
computing. 

What  will  Microsoft  do? 

Microsoft  won’t  change  the 
basic  pricing.  Nor  has  it  yet 
hammered  out  a  more  flexible 
licensing  agreement  for  cus¬ 
tomers  accessing  TSE  from 
home  or  via  the  Internet, 


according  to  Solveig  Whitde,  a 
TSE  product  manager  with 
Microsoft’s  Personal  and 
Business  Systems  group.  “We’re 
working  on  these  [issues],  and 
hopefully  will  be  addressing 
them  in  the  pretty  near  future,” 
she  said. 

Work  area  ahead 

Meanwhile,  work  has  already 
begun  on  integrating  the  TSE 
code  into  the  next  major 
release  of  NT,  Version  5.0,  and 


Microsoft  is  prepping  a  bevy  of 
new  features  (see  graphic). 
Once  integrated,  administra¬ 
tors  will  be  able  to  activate  TSE 
during  the  installation  of  the 
operating  system. 

But  don’t  expect  the  new 
features  soon:  Microsoft  won’t 
make  interim  releases,  Whitde 
says.  The  new  features  won’t  be 
included  until  NT  5.0  ships, 
which  some  observers  expect 
later  rather  than  earlier  in 
1999.  ■ 


SERVING  UP  CHANGES  TO  NT  TERMINALS:  WHAT  TO  EXPECT 


•  Performance  improvements,  shadowing,  multimedia  and  local  printer 
support,  and  “some  kind  of  load-balancing  feature.” 


•  Special  licensing  for  users 
connecting  to  corporate  TSE 
servers  from  home  or  via  the 
Internet. 

•  Integration  ofTSE  with  NT  5.0 
is  now  under  way.  TSE  will 
become  an  option  that  can  be 
selected  when  installing  NT. 


Get  more  online: 

o  Our  review  ofTSE. 

o  A  detailed  look  ^ 
at  TSE  pricing. 
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BRUCE  HERSHEY 


Local  Networks 


1  must  have  been  mistaken 


t’s  August.  Most  of  you  are  on 
vacation  (so  you  aren’t  reading 
this),  about  to  go  on  vacation  (so  you 


put  this  issue  aside  until  you  return)  or 
just  back  from  vacation  (in  which  case 
you’re  so  busy  fighting  the  brush  fires 


that  broke  out  while  you  were  away, 
you’ll  never  get  to  the  stack  of  maga¬ 
zines  you  set  aside).  It  seems  like  the 
perfect  time  to  make  corrections  to 
some  of  the  things  I’ve  written  recently. 

In  particular,  I  want  to  clear  up  some 
of  the  issues  raised  in  the  column 
about  Microsoft’s  Small  Business  Server 
and  Novell’s  NetWare  for  Small 


Business  (AW  July  27,  page  20). 

It’s  true,  as  I  said,  that  Microsoft’s 
product  will  coexist  with  other  NT 
servers  on  the  same  net.  But  there  is  a 
limitation  in  that  the  Small  Business 
Server  must  be  the  primary  domain 
controller  and  there  must  be  only  one 
domain  (Small  Business  Server  doesn’t 
support  trust  relationships) .  This  effec¬ 
tively  limits  any  network  to  one  Small 
Business  Server. 

NetWare,  on  the  other  hand,  sup¬ 
ports  any  number  of  NetWare  for  Small 
Business  servers  on  the  same  net.  The 
limitation  here  is  that  all  NetWare  for 
Small  Business  servers  must  be  in  the 
same  Novell  Directory  Services  parti¬ 
tion.  I  was  wrong,  then,  to  award  the 
points  to  Microsoft.  At  best  this  is  a 
wash  for  Redmond,  while  at  worst  it’s  a 
clear  win  for  Novell. 

In  my  recent  column  about  biometrics 
(AW July  20,  page  22  ),  I  overlooked  per¬ 
haps  the  oldest  biometric  authentication 
method  —  signatures.  I  failed  to  men¬ 
tion  that  Cyber- 
SIGN,  Inc.  (www. 
cybersign.com) 
has  released  the 
third  generation 
of  its  biometric 
signature  verifi¬ 
cation  technolo¬ 
gy.  Should  you 
think  that  forg-  ®av®  Kearns 
ing  a  signature 
is  very  low  tech,  read  on. 

Besides  simply  recognizing  the  appear¬ 
ance  of  the  signature,  Cyber-SIGN’s 
dynamic  signature  verification  looks  at  a 
number  of  other  parameters,  including 
the  time  it  takes  to  write  the  signature, 
the  number  of  times  the  pen  is  raised, 
the  pressure  used  by  the  hand  and  a  few 
other  things  related  to  the  act  of  signing 
your  name.  Couple  this  signature  verifi¬ 
cation  with  the  facial  recognition  I  men¬ 
tioned  in  the  July  20  column  and  it  would 
appear  that  passwords  will  become  a 
computer  relic,  something  to  tell  the 
youngsters  about  along  with  punched 
paper  tape  and  5.25-in.  floppy  disks. 

If  there’s  anyone  else  I’ve  wronged  or 
anything  else  I’ve  neglected  to  men¬ 
tion,  let  me  know,  and  I’ll  correct  it  all 
next  August. 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Austin, 
Texas.  He  can  be  reached  at  mred@vquiU.com. 

Tip  of  the  week 

For  you  NetWare  4. 1  diehards,  NoveU  has 
listened  to  you.  Slipped  virtually  unnoticed 
into  the  announcement  of  NetWare  5.0’s 
pricing  and  availability  was  the  brief  state¬ 
ment  that  NoveU  will  release  a  year 2000 fix 
for  NetWare  4.10  before  year-end  (keep  your 
eye  on  www.noveU.com/year2000).  No 
need  to  upgrade  to  4.1 1  ( although  you  real¬ 
ly  should  consider  NetWare  5.0).  It  seems 
some  vendors  do  respond  to  users'  requests. 


The  one  server  to  buy  when 
you’re  buying  more  than  one. 


Four  Pentium®  233MMX  . 
utility  servers  with  256MB 
RAM  and  two  3.5"  drive 
bays 

10/100  switching  smart 
hub 

12"  color  TFT  LCD  pop¬ 
up  display  with  keyboard 
and  mouse 

Server  with  Dual  Pentium® 
Pro  200  CPU,  256MB 
RAM,  CD-ROM,  and  three 
3.5"  drive  bays 

Server  with  Pentium®  Pro 
200  CPU,  256MB  RAM,  * 
CD-ROM,  and  three  3.5" 
drive  bays 

Server  with  Pentium®  II 
333  CPU,  512MB  RAM,  ' 
and  five  3.5"  drive  bays 


-  Pre -wired  19"  x  84"  relay 
rack  with  power  bus. 
Racks,  servers,  and 
accessories  customized  to 
fit  your  needs 

Fibre  Channel  or  SCSI 
external  storage  and  RAID 
systems  with  up  to  72GB 
of  storage  per  8  drive  array 

~  CD-ROM  tower  with 
network  server  and  hub 

-  Video/keyboard/mouse 
switch  with  on-screen 
controls 

100%  cluster/failover 
security  with  Vinca® 
Standby Server  failover 
software  for  Windows  NT® 
and  Novell®  (three  servers 
for  one-to-one  backup) 

Software-controlled  UPS 


Crystal  high- density  rackmount  servers. 

For  nearly  a  decade,  Crystal  Group  Inc.  has  been  providing  space-saving,  high  reliability  computers/servers 
to  the  communications  industry  worldwide.  Crystal’s  rackmount  servers  are  available  with  multiple  EIDE  or 
SCSI  hard  drives,  CD-ROM,  AC  or  DC  power  and  industrial  level  cooling.  Our  industry  standard  PICMG  2.0 
PC-compatible  ISA/PCI  architecture  allows  the  latest  in  processing  technology  from  Intel,  Cyrix  and  AMD. 
On-board  system  monitoring  and  alarm  capabilities  are  available  along  with  a  complete  line  of  rack  mounted 
accessories  like  Fibre  Channel  storage  and  cluster/failover  backup  systems.  No  matter  how  many  servers  you 
need,  let  Crystal  Group  build  a  rack  system  for  you.  Crystal  Group  Inc.  Doing  things  no  one  else  can. 

1-800-378-1636  http://crystalpc.com 
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NT  5.0  planning 

Propping  for  NT  direct© 


New  technology  requires  a  lot  of  grunt-work  preparation,  users  say. 


Ohe  ongoing  delays  of  Windows  NT  5.0 
are  fast  becoming  a  blessing  for  IS  pro- 
icssionals  facing  Year  2000  software  fixes. 

In  fact,  many  of  these  folks  now  say  they  won’t 
deploy  NT  5.0  until  later  in  2000  or  2001,  even 
if  Microsoft  manages  to  hit  a  mid-1999  ship¬ 
ment  date. 

In  spite  of  this,  NT  managers  now  are  starting 
to  grapple  in  earnest  with  NT  5.0  migradon 
issues.  That’s  because  the  NT  5.0  Active  Direc¬ 
tory  Service  (ADS)  will  require  some  major 
changes  within  your  network  in  order  to  achieve 
its  full  impact  —  becoming  a  clearinghouse  for 
all  kinds  of  user  and  device  information. 

ADS  will  be  like  a  super  Yellow  Pages  for  the 
network  —  a  hierarchical  master  database  of 
user  names,  identification  numbers  and  access 
privileges,  as  well  as  information  about  NT 
servers  and  workstations,  systems  and  applica¬ 
tion  software,  and  so  on. 

Just  as  important,  managers  will  be  able  to 
write  rules,  called  policies,  that  govern  the  rela¬ 
tionships  among  the  entries.  So  for  example, 
when  a  newly  hired  employee’s  name  and  other 
data  is  entered  into  the  human  resources  data¬ 
base,  it’s  passed  to  ADS.  There  policies  execute, 
and  based  on  the  employee’s  title,  he  or  she  will 
be  assigned  a  set  of  access  permissions  to  appli¬ 
cations  and  files,  and  possibly  even  bandwidth 
priorities. 

All  of  this  is  a  major  change  from  the  current 
structure  in  NT  4.0.  And  shifting  from  one  to 
the  other  may  pose  major  headaches  for  large 
customers.  As  a  result,  many  customers  have 
already  begun  forming  teams  to  create  migra¬ 
tion  plans  to  make  the  transition  to  ADS  as 
smooth  as  possible. 

“In  the  spring,  we  had  Microsoft  do  a  sup- 
portability  study  of  our  current  and  planned 
[NT]  domain  networks,”  says  Dan  Abrams,  pro¬ 
ject  manager  for  NT  domain  reconfiguration  at 
Southwestern  Bell  Communications  Directory 
Operations.  “We  wanted  to  be  sure  we  could 
merge  two  big  NT  domains  and  not  shoot  our¬ 
selves  in  the  foot  for  NT  5.0.  We  didn’t  want  to 
go  down  a  blind  alley.” 

Others  are  following  a  similar  path.  “We’re 
looking  at  our  current  NT  4.0  domain  model 
with  an  eye  to  consolidating  it,”  says  Joe  Brand, 
lead  LAN  analyst  with  Nabisco  in  Parsippany, 
N.J.  “We’re  putting  together  a  schematic  dia¬ 
gram  of  what  an  NT  5.0  net  would  look  like 
and  how  we’d  change  the  current  domain 
structure.” 


By  John  Cox 

A  related  issue  is  creating  naming  conven¬ 
tions  for  the  network  that  match  with  the  way 
the  business  is  organized,  whether  along  busi¬ 
ness  units  or  geographical  lines.  “We’ll  be  able 
to  design  our  net  around  our  business,  rather 
than  the  other  way  around,”  Brand  says.  “We 
need  to  decide  how  our  international  opera¬ 
tions  will  fit  into  this  new  domain  structure.  So 

THE  ROAD  AHEAD  TO  NT  5.0  ADS 

How  to  plan  for  Microsoft’s  upcoming  directory: 

1.  Simplify  existing  NT  4.0  domain  structure  and 
outline  steps  for  shifting  this  to  NT  5.0. 

2.  Revise  DNS  infrastructure. 

3.  Create  consistent  naming  conventions  for  NT 
systems. 

4.  Plan  for  NT  5.0  training  sessions  and  gear  up  staff 
resources  for  directory-related  work. 

5.  Determine  how  ADS  replication  over  WANs  may 
affect  network  bandwidth. 

6.  Consider  bringing  all  current  NT  systems  to  same 
NT  4.0  version  and  Service  Pack  release. 

7.  Set  up  NT  5.0  lab  for  testing  ADS,  and  Lightweight 
Directory  Access  Protocol  support. 


we’ll  do  a  case  study  to  find  out  how  the  busi¬ 
ness  operates  today  and  how  it  plans  to  operate 
in  the  future.” 

Companies  that  have  already  organized  a  sim¬ 
plified  NT  domain  structure  are  in  good  shape 
for  moving  ahead.  “We’ve  got  one  master 
domain,  the  rest  are  resource  domains,  and  it’s 
pretty  straightforward,”  says  Angel  Cortes, 
senior  systems  analyst  at  Nordstrom,  a  Seattle- 
based  retailer.  “We  don’t  think  the  migration 
will  be  a  problem,  based  on  what  we’ve  heard 
from  Microsoft  so  far.” 

Simplifying  the  current  NT  domain  structure 
is  important,  but  it’s  not  enough.  A  lot  of  work 
will  still  be  required  during  the  migration 
process,  and  users  need  to  plan  ahead  for  that. 
“Repermissioning  an  existing  NT  4.0  Access 
Control  List  in  NT  5.0  will  be  a  long  and 
tedious  job,”  says  Kevin  Chou,  a  consultant  in 
this  field,  currently  working  with  a  big  New  York 


brokerage  house.  “This  is  just  one  example  of 
what  has  to  be  done.  And  everything  is  keyed 
off  this.  There’s  no  easy  way  at  this  time  to  move 
this  stuff.” 

One  of  the  biggest  issues  concerns  Domain 
Name  System  (DNS),  which  enables  computers 
on  TCP/IP  nets  to  find  and  connect  to  each 
other.  Today,  NT  doesn’t  use  DNS  directly  but 
relies  on  the  Windows  Internet  Naming  Service 
software  from  Microsoft  to  relate  DNS  entries  to 
the  NetBIOS  names  NT  relies  on,  according  to 
Randall  Kennedy,  an  analyst  with  Competitive 
Systems  Analysis,  a  consulting  company  in 
Danville,  Calif. 

ADS  will  use  DNS  and,  more  important, 
dynamic  DNS,  a  variant  that  lets  systems  on  the 
network  update  DNS  records  with  new  data  as 
they  connect  to  the  net.  Today,  DNS  changes 
have  to  be  manually  entered  into  the  database 
on  one  or  more  DNS  servers. 

At  Southwestern  Bell,  a  review  of  the  existing 
host  names  for  computer  systems  found  that 
many  were  incompatible  with  DNS  naming  con¬ 
ventions.  “We  had  a  couple  of  thousand  work¬ 
stations  and  a  lot  of  our  servers  that  didn’t  have 
standard  DNS  names,”  Abrams  says.  All  had  to 
be  renamed. 

NationsBanc  in  Chicago  is  in  the  process  of 
creating  its  DNS  infrastructure,  says  Richard 
Shope,  manager  of  PC  technology  and  plan¬ 
ning.  The  new  structure  will  include  new 
dynamic  capabilities  so  DNS  entries  can  be 
updated  automatically.  DNS  is  also  the  core  of 
the  bank’s  higher  level  enterprise  director)' 
based  on  the  X.500  standard. 

At  NationsBanc,  as  in  nearly  all  other  compa¬ 
nies  that  use  DNS,  the  DNS  servers  are  Unix 
computers,  in  this  case  running  the  HP-UX 
operating  system.  “We’ve  created  an  NT  domain 
under  this  Unix-based  DNS,”  Shope  says.  “This 
adds  a  layer  to  our  directory  tree,  but  it  lets  us 
manage  the  NT  [domain]  independently.  The 
Unix  administrators  manage  the  Unix  systems 
and  the  directory  services  above  that.” 

Not  surprisingly,  according  to  Competitive 
Systems  Analysis’  Kennedy,  many  companies  are 
reluctant  to  entrust  DNS  services  to  NT  systems 
instead  of  the  traditional  DNS  hosts  —  Unix 
servers.  That  reluctance  is  due,  at  least  in  part, 
to  the  fact  that  NT  “doesn’t  stay  up  like  Unix 
does,”  Kennedy  says.  “Microsoft  wants  NT  5.0  to 
handle  everything  on  the  net.  But  a  lot  of  com¬ 
panies  will  resist  this.  If  DNS  goes  down,  noth¬ 
ing  works.”  ■ 
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The  Summit  1‘amily  of  LAN  Switches. 

Make  no  mistake  about  it,  the  fat  lady  is  singing.  Extreme  Networks™  is  now  the 
leader  in  stackable  Layer  3  Gigabit  Ethernet  switching.  The  proof  is  in  our 
products.  Their  record-breaking  Wire -Speed  IP  Routing  performance.  And  our  rather 
significant  market  share.  At  last  count,  Extreme  had  a  whopping  64.5%  of  the 
stackable  Layer  3  switch  market  and  has  joined  the  ranks  of  the  top  Layer  3 
switch  providers.  Which  is  pretty  amazing.  Especially  when  you  consider  we  rose 
to  be  #3  in  the  worldwide  Layer  3  switch  market  in  less  than  a  year.1  Now  that’s 
something  worth  singing  about. 

1  According  to  an  independent  study  by  the  Dell'Oro  Group. 

©19S8  Extreme  Networks.  Names  identified  by  ™  or  ®  are  trademarks  or  registered  trademarks  of  their 
respective  manufacturers.  Specifications  subject  to  change  without  notice. 
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Briefs 


■  IBM  last  week  added 

TCP/IP  multicast 
and  Novell  IPX 
support  to  its  S/390  Open 
Systems  Adapter  2  ( OSA-2 ). 

OSA-2  lets  users  attach  LANs 
directly  to  a  mainframe.  TCP/IP 
multicast  saves  on  bandwidth 
and  can  deliver  multimedia 
information  quickly. 

For  Novell  users,  IPX  sup¬ 
port  means  they  can  enhance 
performance  by  directly  link¬ 
ing  with  the  mainframe  with¬ 
out  having  to  deploy  a  separate 
gateway. 

IBM  also  says  the  Novell 
support  is  ideal  for  enterprises 
looking  to  consolidate  existing 
Novell  NDS  servers  on  the  S/390. 
The  new  features  will  be  avail¬ 
able  Sept.  30.  Pricing  was  not 
available. 

©  IBM:  (800)  426-4968 

■  Cisco  Systems 

last,  week  announced  the  avail¬ 
ability  of  Layer  2  Tun¬ 
neling  Protocol 
(L2TP)  within  Cisco 
IOS  software. 

Cisco  says  the  CiscoAssure 
policy-based  network  services  of 
IOS,  initially  targeted  at  private 
enterprise  networks,  can  be  used 
for  virtual  private  network 
(VPN)  applications. 

CiscoAssure  policies  can  dif¬ 
ferentiate  VPN  service  levels  and 
prices,  as  well  as  provision,  bill 
and  manage  VPN  services,  Cisco 
claims. 

The  availability  of  L2TP  lets 
service  providers  deliver  secure 
and  prioritized  VPNs  to  cus¬ 
tomers  that  require  communi¬ 
cations  with  mobile  users, 
telecommuters  and  small, 
remote  offices  over  dial,  ISDN, 
digital  subscriber  line,  cable 
and  wireless  technologies, 

Cisco  says. 

L2TP  is  a  standard  network 
protocol  that  combines  Cisco’s 
Layer  2  Forwarding  protocol 
and  Microsoft's  Point  to  Point 
Tunneling  Protocol. 

Cisco  IOS  with  L2TP  support 
began  shipping  last  week.  Cisco 
has  been  offering  IP  Security  in 
IOS  since  April. 

©  Cisco:  (408)  526-4000 
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Hospital’s  ATM  WAN  untangles  T-l  snarl,  reduces  costs 


the  FORE  switches  was  expen¬ 
sive;  six-port  T-l  cards  cost 
$12,000  each.  The  cards  ate  up 
so  many  switch  slots  that  the 
hospital  was  going  to  have  to 


Prasad  Ravi  found  a  way  to  reduce  cable  clut¬ 
ter  for  his  ATM  network. 


By  Tim  Greene 

Chicago 

T-l  lines  at  Rush  Pres¬ 
byterian/St.  Luke’s  Medical 
Center  were  piling  up  so  fast 
that  the  wring  closet  was  start¬ 
ing  to  look  like  a  snake  pit. 

With  hospital  medical 
offices  moving  to  new  build¬ 
ings  and  more  private  prac¬ 
tices  tapping  into  hospital  net¬ 
work  resources,  the  medical 
center  was  ordering  a  new  T-l 
every  two  weeks,  according  to 
Prasad  Ravi,  director  of 
telecommunications  at  Rush 
Presbyterian/St.  Luke’s. 

By  purchasing  a  remote 
access  switch  from  Sentient 
Networks  and  bargaining 
shrewdly  with  phone  compa¬ 
nies,  Ravi  got  rid  of  the  cable 
snarl  by  consolidating  the  T-ls 
onto  T-3  pipes. 

He  invested  $39,000  in  a 
Sentient  Ultimate  1200  WAN 
access  switch  that  can  handle 
two  T-3s  —  the  equivalent  of  56 
T-ls  —  leaving  the  hospital  with 
room  to  grow.  The  price  was 
about  half  the  cost  of  the  other 
alternatives  he  considered. 

The  hospital  runs  ATM  over 
40  T-ls  to  private  medical 
groups  and  hospital  buildings. 
The  T-ls  were  terminating 
on  FORE  ASX  1000  switches  in 
the  hospital  data  center. 

Terminating  all  the  lines  on 


buy  more  switch  chassis  at  a 
cost  of  $35,000  to  $40,000 
each,  Ravi  says. 

“Every  slot  taken  up  by  a  T-l 
card  is  a  slot  we  could  have 
used  internally  for  the  LAN,” 
Ravi  says.  “It’s  much  better  to 
use  those  ports  for  003  pipes 
than  for  T-l  pipes  because  you 
are  wasting  the  ATM  switching 


capacity  of  the  chassis.” 

Ameritech  suggested  aggre¬ 
gating  all  the  T-ls  onto  T-3 
lines,  and  Ravi  cut  a  deal  to 
pay  only  for  the  bandwidth 
actually  used  on  the 
T-3s.  The  hospital  pays 
a  fiat  fee  per  T-l  that 
is  less  than  the  $600 
tariffed  rate  for  a  long- 
range  T-l  service.  The 
flat  fee  is  also  better 
than  the  $220  mini¬ 
mum  it  would  cost  for 
a  very  short  T-l, 
Ravi  says.  Part  of  the 
deal  with  Ameritech 
requires  that  Ravi  not 
reveal  the  exact  price  of 
the  flat  fee. 

Ravi  managed  to 
negotiate  the  agree¬ 
ment  with  Ameritech 
because  he  played 
Ameritech  against  Ave- 
new,  a  competitive  car¬ 
rier  that  had  been  pro¬ 
viding  the  hospital  with 
T-l  lines. 

Ameritech  suggested  termi¬ 
nating  the  T-3  lines  on  a  Cisco 
router  already  owned  by  the 
hospital.  But  that  would  have 
cost  about  $47,000  for  a  DS-3 
router  card  that  didn’t  sup¬ 
port  ATM.  Ravi  rejected  the 
proposal. 

Ameritech  then  suggested 
that  the  medical  center  buy  a 


Telco  Systems  multiplexer  that 
would  take  in  one  T-3,  demul¬ 
tiplex  the  traffic  into  28  T-ls, 
and  plug  the  T-ls  into  the 
FORE  ATM  switches. 

That  proposal  would  have 
cost  $85,000,  and  still  would 
have  mandated  wasting  valu¬ 
able  ATM  switch  fabric 
by  using  the  T-l  cards.  Rati 
rejected  that  proposal,  too. 

Then,  four  months  ago, 
Ravi  heard  about  Sentient 
and  told  the  company  about 
his  problem.  Sentient  suggest¬ 
ed  its  Ultimate  1200.  which 
can  terminate  a  T-3  and 
switch  the  traffic  through  to  a 
single  OC-3  port  occupying 
one  slot  on  a  FORE  switch. 
The  hospital  bought  the 
Ultimate  box  for  $39,000. 

In  addition  to  the  T-3s,  the 
Ultimate  1200  handles  a  group 
of  56K  bit/ sec  and  64K  bit/ sec 
lines  running  PPP  from  small 
remote  sites. 

The  WAN  access  switch  con¬ 
verts  a  PPP  session  to  an  ATM 
permanent  virtual  circuit  and 
puts  it  through  to  a  Cisco 
router  on  the  IAN. 

“We  have  less  equipment 
to  maintain,  less  space  taken 
up  in  the  data  center  and 
fewer  cables  running  around. 
And  we  get  all  the  function¬ 
ality  that  we  need,”  Ravi 
says.  ■ 


IBM  tying  Netfinity  servers  directly  to  mainframe 


By  Marc  Songlnl 

IBM  is  building  a  fat  pipe 
between  the  mainframe  and  its 
Netfinity  Windows  NT  server. 

The  company  next  month 
will  announce  the  Netfinity 
ESCON  Channel  Adapter,  a 
card  that  will  lei  customers  link 
servers  directly  to  mainframe 
resources,  providing  high¬ 
speed  access  to  Big  Iron  data¬ 
bases  and  applications. 

Enterprise  Systems  Con¬ 
nection  (ESCON)  is  IBM’s 
I7M  byte/sec  fiber-optic  main¬ 
frame  channel  connectivity 


technology.  By  channel-attach¬ 
ing  the  Netfinity  server,  users 
no  longer  need  a  gateway 
device  to  connect  the  server  to 
the  mainframe. 

The  two-port,  Reduced  In¬ 
struction  Set  Computing-based 
Netfinity  ESCON  adapter  is  built 
buy  Bus-Tech,  a  mainframe 
channel  connectivity  company 
based  in  Burlington,  Mass.  Up  to 
four  of  the  adapters  can  be 
installed  in  the  PCI  slots  on  the 
Netfinity  server. 

The  adapter  also  supports 
IBM's  MultiPath  Channel  Plus 


(MPC+)  mainframe  channel 
protocol.  MPC+  enables  high¬ 
speed,  high-volume  traffic 
among  mainframes  and 
downstream  channel-attached 
servers,  routers  and  switches. 
IBM  says  MPC+  technology  can 
improve  channel  throughput 
by  40%  and  reduce  mainframe 
cycle  utilization  by  60%  over 
older  channel  protocols. 

Other  ESCON  adapters  sold 
by  Microsoft,  SPX  Gorp.  (for¬ 
merly  General  Signal)  and 
others  do  not  support  MPC+, 
IBM  says. 


The  Netfinity  ESCON  Chan¬ 
nel  Adapter  will  be  available  in 
October  for  about  $10,000. 

©  IBM:  (800)  426-4968;  Bus- 
Tech:  (800)  284-3172 

Get  more  online: 

o  Detailed  infor¬ 
mation  about 
IBM’s  0SA. 

^  A  look  at  MPC+. 

Read  about  Bus-Tech’s  offerings. 
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Internetworks 


INTERNETWORKING  MONITOR 

'Net  QoS  hurdles  cripple  enterprise  VPNs 


©irtual  private  networks  (VPN)  are 
supposed  to  give  us  the  ability  to 
use  the  Internet  as  an  enterprise-quality 
WAN  without  the  expense  or  the  man¬ 


agement  headaches  of  a  private  intranet. 

Yet  there  are  a  number  of  issues  that 
must  be  answered  before  VPNs  become 
a  serious  alternative  to  large,  meshed, 


leased-line  intranets.  Perhaps  the  most 
important  issue  is  guaranteed  quality  of 
service  (QoS). 

If  you  are  implementing  or  consider¬ 


ing  installing  or  deploying  VPNs  in  the 
near  future,  heed  this  warning:  Because 
of  systemic  problems  with  today’s 
Internet  infrastructure,  ISPs  cannot  yet 
guarantee  enterprise-class  QoS  required 
for  enterprise  VPNs. 

QoS  is  the  capability  of  a  network  to 
define  and  negotiate  levels  of  perfor¬ 
mance,  reliability  and  predictability 
between  the  user  and  the  provider.  If 
VPNs  are  to  use  the  Internet  effectively 
as  a  future  enterprise  infrastructure, 
they  need  to  deliver  the  same  levels  of 
guaranteed  service  that  network  man¬ 
agers  expect  from  their  tried-and-true 
leased  lines. 

If  anything,  the  QoS  requirements 
would  become  even  more  stringent  as 
customers  start 
putting  next-gen¬ 
eration  applica¬ 
tions  such  as  dis¬ 
tance  learning 
and  multimedia 
on  the  ’Net  For 
most  mission-criti¬ 
cal  applications, 
the  cost  savings  Andrew  Hacker 
from  VPNs  are  ne¬ 
gated  if  users  must  sacrifice  QoS  beyond 
certain  limits.  It  does  no  good  telling  your 
chief  financial  officer  you  saved  hundreds 
of  thousands  of  dollars  in  line  charges, 
only  to  have  to  turn  around  and  say  the 
Company  lost  several  times  that  in  rev¬ 
enue  because  the  average  sales  transac¬ 
tion  time  doubled  due  to  substandard 
Internet  performance. 

Recognizing  the  importance  of  QoS, 
most  VPN  hardware  and  software  ven¬ 
dors  are  already  emphasizing  the  QoS 
aspects  of  their  products.  A  common 
technique  is  to  offer  some  form  of  traf¬ 
fic  shaping  to  help  prioritize  important 
traffic  over  less  important  traffic  before 
it  hits  the  Internet. 

The  problem  is  that  a  single  VPN 
connection  may  travel  over  several  ISP 
networks.  Unless  they  all  agree  to  pro¬ 
vide,  say,  a  uniform  Priority  1  service, 
the  best  service  level  for  that  connec¬ 
tion  is  limited  to  the  ISP  providing  the 
worst  service  level.  Even  if  ISPs  were  to 
attempt  end-to-end  QoS,  it  is  a  tough 
task  because  there  is  no  standard  to 
implement  end-to-end  QoS. 

Ultimately,  guaranteeing  QoS  is  a  task 
for  future  public  network  providers.  ISPs 
and  standards  bodies  are  already  build¬ 
ing  infrastructures  and  enhancing  Inter¬ 
net  protocols  to  support  QoS,  such  as 
GigaPop  from  the  Internet  2’s  QoS  work¬ 
shop.  Once  such  standards  are  in  place, 
ISPs  can  standardize  on  procedures  for 
negotiating  interprovider  QoS.  Until 
then,  VPNs  will  remain  unsuitable  as 
an  alternative  to  today’s  enterprise 
intranets. 

Andrew  Hacker  is  a  senior  engineer/ analyst 
with  The  Tolly  Group,  a  strategic  consulting  and 
independent  testing  firm  in  Manasquan,  N.J.  He 
can  be  reached  at  (732)  528-3300,  ajh@tolly.com 
or  www.toUy.com.  Hacker  is  filling  in  for  Kevin 
ToUy,  who  is  on  vacation. 
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IN  THE  WORLD  OF  DIGITAL  SWITCHING,  THIS  IS  A  TIME  OF  GREAT  CHANGE.  Harmonious  convergence  is  no  longer  a  dream. 
With  Nortel  Meridian  -  the  global  leader  in  digital  switching  -  it's  here.  Meridian's  product  portfolio  -  the  broadest  in  the  industry  -  provides 
solutions  to  seamlessly  and  reliably  integrate  voice,  video  and  data.  Giving  your  people  the  ability  to  exchange  information  however  they 
choose.  It  also  adapts  to  increasing  demands  -  as  your  business  grows  and  requirements  become  more  complex.  And  Meridian  helps  transform 
your  network  into  a  Power  Network,  keeping  pace  with  your  needs  -  even  as  they  change  -  with  the  least  interruption  for  you  and  your 
customers.  Power  to  the  people.  To  learn  more,  visit  www.nortel.com/169D  or  call  1-800-4  NORTEL,  dept.  169D  Meridian.  It's  a  beautiful  thing. 


N&RTEL 

NORTHERN  TELECOM 


©  1998  Northern  Telecom.  Nortel,  the  globemark,  Meridian  and  Power  Network  are  trademarks  of  Northern  Telecom. 
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Briefs 


Sparks  fly  over  bandwidth  shortage 


■  GTE  Internetwork¬ 
ing  has  announced  that 

Charles  Gibney  is 


GTE’s  Gibney 


at  the  ISP. 

Paul  Gudonis, 
who  was -pro¬ 
moted  to 'president  after  George 
Conrades  stepped  down  on  Aug. 
1,  most  recently  held  this  posi¬ 
tion.  Gibney  comes  to  GTE  from 
Cable  &  Wireless,  where  he  was 
senior  vice  president  of  interna¬ 
tional  and  corporate  business. 
GTE  Internetworking  also  said 
Paul  O’Brien  would  be  the  new 
vice  president  and  general  man¬ 
ager  of  the  company’s  IP  tele¬ 
phony  services  business  unit. 


■  ©Work,  the  Internet 
access  business  service  division 
of  @Home  Network,  last  week 
introduced  Web 
hosting  services. 
@Work  is  offering  customers  a 
shared  Web  hosting  service 
based  on  Sun  servers.  The  ser¬ 
vice  promises  24-7  manage¬ 
ment  and  monitoring,  and 
CryptoChannel  Secure  Sockets 
Layer-based  encryption.  The 
ISP  will  also  offer  customers 
@Work  WebHosting.  The  service 
is  available  now  for  $50  to  $500 
per  month. 

d)  @Work:  (888)  988-3675 


■  US  WEST  Enter¬ 
prise  Networking 

announced  customers  unit  be 
able  to  integrate  their 
voice,  video  and 
data  communica¬ 
tions  over  dedicated  IP, 
frame  relay  and  ATM  connec¬ 
tions.  US  WEST  is  using  Cisco 
Systems  2600  and  3600  routers 
and  MC3810  multiservice 
access  concentrators  at  cus¬ 
tomer  premise  sites  to  support 
the  new  services.  US  WEST  is 
also  deploying  Cisco’s  BPX 8600 
switches  throughout  its  network 
to  support  the  services. 

d)US  WEST  Enterprise: 
(800)328-2879 


By  David  Rohde 

Charleston,  W.Va. 

A  shortage  of  high-capacity 
bandwidth  in  West  Virginia  has 
led  to  a  nasty  fight  among 
major  carriers  over  how  wide¬ 
spread  the  problem  is  —  and 
who’s  to  blame. 

Delays  in  obtaining  long-dis¬ 
tance  T-l  and  T-3  lines  are 
threatening  the  expansion  of 
West  Virginia’s  education  net- 


state  and  to  neighboring  states. 

In  response,  MCI  and  World¬ 
Com  conceded  they  are  suffer¬ 
ing  bandwidth  shortages  in 
West  Virginia  but  claimed  the 
problem  is  concentrated  in 
only  one  part  of  the  state  and 
will  be  resolved  this  fall. 

AT&T  is  taking  a  more  mili¬ 
tant  stance.  It  denies  it  is  suffer¬ 
ing  any  shortages  and  charges 
that  Bell  Atlantic’s  complaint  is 


“U hat  we  have  here  are  six- 
lane  superhighways  in  West 
Virginia  feeding  into  two-lane 
country  roads  leading  in  and 
out  of  the  state.” 

Dennis  Bone,  president,  Bell  Atlantic- 
West  Virginia 


work  and  discouraging  compa¬ 
nies  from  locating  call  centers  in 
the  state,  Bell  Adantic  said  in  a 
recent  complaint  to  the  Federal 
Communications  Commission. 

As  a  solution,  Bell  Atlantic  is 
asking  the  FCC  to  break  prece¬ 
dent  and  allow  it  to  provide 
long-distance  circuits  across  the 


a  “cynical  ploy”  to  obtain  regu¬ 
latory  authority  to  carry  long¬ 
distance  traffic.  Yet  some  users 
report  they  are  suffering  delays 
in  getting  AT&T  circuits. 

At  the  center  of  the  contro¬ 
versy  is  a  project  called  WVNET, 
which  provides  Internet  access 
for  schools,  colleges  and  state 


agencies  around  West  Virginia. 

Until  recendy,  WVNET  pro¬ 
vided  Internet  connectivity  via  a 
22M  bit/sec  link  from  UUNET 
that  stretched  from  Morgan¬ 
town,  W.Va.,  to  Pittsburgh.  But 
in  January,  WVNET  awarded  a 
contract  to  Bell  Atlantic 
Internet  Solutions  (BAIS)  to 
more  than  double  capacity  via 
two  34M  bit/sec  connections, 
one  in  Morgantown  and  one  in 
Charleston,  the  state  capital. 

BAIS  obtained  the  Charles¬ 
ton  facility  from  a  power-compa¬ 
ny  affiliate  but  could  not  get  the 
Morgantown  link  for  six  months 
until  WorldCom  offered  facili¬ 
ties,  according  to  Bell  Adantic. 
As  of  last  week,  the  WorldCom 
link  was  still  not  up. 

Dennis  Bone,  president  of 
Bell  Adantic-West  Virginia,  says 
his  company  has  built  numer¬ 
ous  SONET  facilities  across  the 
state  to  provide  local  bandwidth 
not  matched  by  long-distance 
facilities.  “What  we  have  here 
are  six-lane  superhighways  in 
West  Virginia  feeding  into  two- 
lane  country  roads  leading  in 
and  out  of  the  state,”  Bone  says. 

The  issue  goes  beyond  the 


WVNET  Internet  connections, 
says  Matthew  Brown,  a  manager 
in  the  state  government’s  Infor¬ 
mation  Services  and  Communi¬ 
cations  Division.  AT&T  missed 
a  scheduled  installation  date  by 
28  days  for  a  T-3  link,  and  other 
carriers  have  let  schedules  slip 
for  a  variety  of  facilities. 

Likewise,  the  Civic  Develop¬ 
ment  Group,  a  West  Virginia 
call  center  and  telemarketing 
outsourcing  company,  in  mid- 
June  ordered  14  T-ls  from 
AT&T  and  WorldCom  for  a 
new  call  center  in  Clarksburg, 
W.  Va.  Only  seven  were 
installed  by  mid-July,  and  the 
rest  are  still  not  in  place,  says 
Eric  Shaw,  Civic  Development’s 
Clarksburg  site  manager.  ■ 


Get  more  online: 

o  A  look  at  how 
RBOCs  will  step 
up  DSL  deployment. 


o  A  report  on  the  controversy 
surrounding  the  FCC’s 
broadband  deployment  plan. 


www.nwnision.com 


Five  cities  got  Rhythms 


By  Tim  Greene 

Englewood,  Colo. 

No  one  ever  told  Rhythms 
NetConnections  that  breaking 
into  the  high-speed  digital  sub¬ 
scriber  line  (DSL)  services  mar¬ 
ket  would  be  easy. 


Despite  delays  caused  by 
negotiations  with  established 
local  carriers  and  the  difficulties 
of  setting  up  a  nationwide  net¬ 
work,  the  carrier  will  this  year 
roll  out  services  in  five  cities  — 
Boston,  Chicago,  Los  Angeles, 


San  Diego  and  San  Francisco. 

Backed  by  $180  million  in 
investment  capital,  Rhythms 
offers  DSL  services  —  at  speeds 
from  256K  to  7M  bit/sec  — 
aimed  at  business  customers. 

The  DSL  lines  connect  cus¬ 
tomers  with  either  an  ISP  or  a 
corporate  network.  Rhythms 
installs  the  necessary  hard¬ 
ware  and  software,  including 
modems  and  an  Ethernet  net¬ 
work  interface  card  for  the  cus¬ 
tomer  PC.  Rhythms  also  con¬ 
nects  the  DSL  circuit. 

Hutchins  Associates,  a  pub¬ 
lishing  industry  service  bureau 
in  San  Diego,  uses  Rhythms’ 
DSL  to  access  the  Internet  and 
to  connect  two  sites  that  are 
about  a  mile  apart,  says  Linda 
Hutchins,  the  company’s  net¬ 
work  administrator. 

The  service  is  less  expensive 
than  a  T-l  but  offers  near-T-1 
speed.  It  runs  over  existing  tele¬ 
phone  wiring  in  the  Hutchins 
building,  she  says. 


One  key  challenge  in  setting 
up  the  network  was  negotiating 
with  the  regional  Bell  operat¬ 
ing  companies.  Rhythms  has  to 
deal  with  them  because  the 
RBOCs  own  the  local  tele¬ 
phone  lines  that  DSL  runs 
over.  “What  you  have  is  a  will¬ 
ing  buyer,  who  is  us,  and  a  not- 
so-willing  seller,  which  is  the 
RBOC,”  says  Eric  Geis,  general 
manager  for  Rhythms’  western 
region. 

It  can  take  five  to  six  months 
and  $50,000  just  to  negotiate 
an  interconnection  agreement 
with  an  RBOC.  Then  it  costs 
between  $30,000  and  $100,000 
to  set  up  space  in  an  RBOC 
switching  office  to  place 
Rhythms’  network  hardware. 

Rhythms  chooses  cities  to 
enter  based  on  the  number 
of  businesses  located  there, 
the  number  of  remote  workers 
they  employ  and  the  number 
of  LAN  segments  they 
represent.  ■ 


RHYTHMS 


PROFILE:  RHYTHMS 

Based:  Englewood,  Colo. 

Founded:  1997 

Funding:  $30  million  initial  funding  from  Kleiner  Perkins  Caufield 
&  Byers,  Enterprise  Partners,  The  Sprout  Group  and 
Brentwood  Venture;  $150  million  private  placement. 

Services:  Dedicated  broadband  access  using  DSL  technology. 
Employees:  126 
Competitors:  Covad,  RBOCs 

Fun  fact:  CEO  Catherine  Hapka  and  Vice  President  of  Sales  Gloria 
Farler  are  both  percussionists,  hence  the  name  Rhythms. 
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Carriers  &  ISPs 


EYE  ON  THE  CARRIERS 

IP  convergence  and  your  telecom  contract 


gi  II  P  voice/data  convergence  nay- 
sayers  have  it  easy.  On  the  surface, 
the  phenomenon  seems  easy  to  debunk. 
The  popular  press  spent  the  first  half 


of  this  year  glorifying  the  new  IP  tele¬ 
phony  providers  because  they  could 
carry  phone  calls  for  “only”  7.5  cents  per 
minute.  But  everyone  in  the  trenches 


realizes  most  corporations  are  already 
getting  regular  telephony  for  less. 

Besides,  I’ve  yet  to  hear  of  a  network 
manager  handing  a  card  to  his  CEO  and 


saying,  “Punch  in  these  31  numbers  to 
reach  our  new  Internet  carrier,  and  then 
talk  slowly  and  loudly  to  the  other  CEO 
so  he  knows  we’re  offering  $10  million, 
not  $10  billion,  in  that  takeover  deal.” 

So  can  you  sit  back  and  let  conver¬ 
gence  hype  just  roll  over  you  until  it  goes 
away?  Not  by  a  long  shot.  There’s  real 
action  in  voice  over  IP  today.  And  the 
real  action  has  nothing  to  do  with  num¬ 
bers  like  7.5  cents  per  minute.  Move  the 
decimal  point  over  and  it’s  more  like 
making  calls  for  0.75  cents  per  minute 
by  avoiding  the  tolls  of  the  legacy  carri¬ 
ers  and  the  newbies. 

Users  are  finding  that  it  doesn’t  take 
an  announcement  of  voice-over-frame 
relay  services  from  AT&T,  MCI  and 
Sprint  to  get  the  convergence  market 
going.  For  you,  the  real  hang-up  could 
be  in  something  much  closer  to  home: 
your  telecom  contract. 

For  years  carriers  have  promised  to 
shave  rates  just  a  little  more  if  you  sign  a 
long-term  voice  contract  with  a  rising 
minimum  expenditure  each  year  of  the 
contract.  But  go  to  move  your  voice  traf¬ 
fic  to  frame  relay  or  ATM  and  you  may 
suddenly  find  you’ve  violated  the  con¬ 
tract  because  your  telephony  spending 
will  have 
shrunk. 

So  if  you 
have  any 
interest  at 
all  in  voice/ 
data  con¬ 
vergence, 
here  are 
some  talk¬ 
ing  points 
for  your  next  carrier  negotiation,  which 
I  hope  is  coming  up  soon: 

1.  The  major  carriers  now  all  want  to 
be  your  voice  and  data  carrier.  Fine.  Tell 
them  the  key  to  your  business  is  the  data 
network.  Any  carrier  that  prevents  you 
from  adding  features  to  your  enterprise 
data  network  because  the  contract  oblig¬ 
ates  you  to  spend  X  bazillion  dollars  on 
voice  tolls  could  be  replaced. 

2.  Watch  for  extra  costs  such  as  premi¬ 
ums  for  souped-up,  voice-enabled  frame 
relay  virtual  circuits  that  supposedly  get 
priority  over  other  circuits.  Those  fancy 
virtual  circuits  are  all  well  and  good,  but 
many  experts  believe  the  key  is  prioritiza¬ 
tion  schemes  in  customer  premise  equip¬ 
ment.  Don’t  default  your  WAN  design 
and  traffic  modeling  to  the  carrier. 

3.  Finally,  tell  carriers  that  preset  mini¬ 
mum  annual  expenditures  that  rise  each 
year  of  a  multiyear  contract  don’t  make 
much  sense  anymore  —  even  without  IP 
convergence.  Here’s  the  long-distance 
carriers’  dirty  little  secret:  By  federal 
mandate,  every  July  1,  the  access  charges 
they  pay  the  local  exchange  carriers  go 
down.  So  quite  possibly  you  ought  to  be 
paying  less,  not  more,  even  if  your  voice 
traffic  never  migrates. 

Rohde  is  a  senior  editor  with  Network 
World.  He  can  be  reached  at  drohde@ 


jNetworkWorldQL 


TECHNICAL  SEMINARS 


TM 
INTEGRATION 


Understanding 
ATM  and  How  It 
Fits  in  Your  WAN 


m. 
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SEMINAR  TOUR 

October  6 

Boston,  MA 

October  7 

Atlanta,  G  A 

October  23 

Chicago,  IL 

October  29 

Dallas,  TX 

December  2 

Los  Angeles,  CA 

December  3 

San  Francisco,  CA 

i  December  9 

New  York,  NY 

Ik  December  10 

Washington,  DC 

Presented  by  Liza  Henderson 
TeleChoice,  Inc. 

i  H - 

Register  today  for  the  seminar  nearest  you! 
Your  registration  fee  of  $450  includes: 

Full-day  seminar,  comprehensive  workbook,  and 
exclusive  Network  World  ATM  Resource  CD-ROM, 
as  well  as  continental  breakfast,  luncheon,  and 
refreshment  breaks. 

Save  with  our  Team  Discounts: 

Up  to  $  1 00  off  each  registration  and  every  4th  person 
attends  FREE! 


PROGRAM  OVERVIEW 

As  a  network  IS  professional,  you  are  faced  with  a  variety  of 
network  challenges  that  directly  affect  your  WAN,  and  your 
ability  to  provide  different  Qualities  of  Service  (QoS)  to  your 
end  user  community.  ATM  is  fast  becoming  the  high-speed 
WAN  technology  of  choice,  and  is  the  technology  that  will  help 
you  meet  your  challenges  head-on. 

ATM  Integration  is  designed  to  help  you  discover  ATM’s  best 
fit  into  your  wide  area  network  architecture.  The  program  will 
explore  the  capabilities  and  benefits  of  ATM,  public  and  private 
ATM  implementation  options,  and  typical  carrier-based  service 
offerings.  The  pros  and  cons  of  ATM  compared  with  alternative 
solutions  will  be  examined,  and  you  will  leave  this  seminar 
with  the  information  you  need  to  determine  the  role  ATM 
should  play  in  your  enterprise  network. 

BENEFITS  OF  ATTENDING 

Discover  how  to  use  ATM  as  the  WAN  backbone  to 
interconnect  your  existing  LANs 

Find  out  what  you  can  expect  from  future  ATM  equipment 
and  services 

Learn  how  other  users  have  implemented  ATM,  and  how 
they  justified  the  change 


Obtain  a  list  of  questions  and 
checkpoints  for  evaluating 
ATM  vendors 


ENTER  TO  WIN 
A  FREE  ELECTRONIC 
POCKET  ORGANIZER 
AT  THE  SEMINAR! 


Speak  with  ATM  vendor 
representatives  to  address  your  specific  needs 


SPONSORED  BY: 
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If  you  are  interested  in  sponsorship  opportunities,  please  contact 
Andrea  D’Amato  at  (508)  820-7520  or  e-mail  her  at  adamato@nww.com 


(800)643-4668 

www.nwfusion.com/ seminars 
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Covering:  Messaging  •  Groupware  •  Databases  •  Multimedia  •  Electronic  Commerce  •  Security 


Briefs 


■  Austin,  Texas-based 

Schlumberger 
Smart  Cards  & 
Terminals  said  it  is  now 
shipping  the  Java-based 

Cyberflex  Open 
16K  smart  card,  so 

named  because  of  its  program¬ 
ming  capacity. 

The  firm  also  is  shipping  the 
$495  Schlumberger  Cyberflex 
Develop¬ 
ment 
Kit  for 
building 
applica¬ 
tions  that 
use  Cyber¬ 
flex  Open 
16K,  which  is  based  on  the  Java 
Card  2.0  API. 

The  development  kit  sup¬ 
ports  a  PC/smart  card  inter¬ 
face,  an  application  processor, 
a  smart  card  simulator  and  a 
smart  card  manager. 

<D  Schlumberger:  (512)  351- 
3000 

■  Netscape  recently 
announced  a  new  software 
package,  Process 
Manager,  which  lets 
developers  build  Web-based 
applications  that  handle 
processes  that  normally  take 
place  over  the  phone,  e-mail 
and  in  person. 

Through  integration 
with  Enterprise  Server  and 
Directory  Server,  Process 
Manager  enables  secure  com¬ 
munication,  coordinated 
workflow  and  sign-off  on 
tasks  such  as  contract  negotia¬ 
tions,  job  bidding  and  project 
management. 

A  starter  bundle  will  cost 
$9,995  and  include  100  client 
licenses,  two  developer  seats, 
100  Directory  Server  user 
licenses  and  Enterprise  Server 
software. 

Additional  client  licenses 
and  developer  seats  are 
expected  to  be  priced  at  $75 
per  client  and  $1,495  per  seat. 

Deployment  to  an  extranet 
is  slated  to  start  at  $49,500  per 
server. 

Currently  in  private  beta, 
shipment  is  scheduled  for 
the  fall. 


Schlumberger’s 

Cyberflex  Open 
16K  smart  card. 


Hospitals  stitch  together  critical  intranet 


By  Ellen  Messmer 

A  half  dozen  large  Boston- 
area  hospitals,  which  already 
share  IT  resources,  are  now  set¬ 
ting  their  sights  on  the  World 
Wide  Web. 

The  group  is  hard  at  work 
building  customized  Web  appli¬ 
cations  for  single  sign-on,  easy 
access  to  patient  records,  and 
Web-based  paging  for  physi¬ 
cians  and  other  medical  per¬ 
sonnel  who  always  seem  to  be 
on  the  go. 

The  hospitals  —  Mass¬ 
achusetts  General  Hospital 
(MGH)  Brigham  8c  Women’s 
Hospital,  and  Newton-Wellesley 
Hospital  among  them  —  are 
building  dozens  of  these  Web 
applications  in-house  with  the 
help  of  Cache  from  Inter- 
Systems  Corp.  The  applications, 
based  on  the  Cache  database 
management  system,  are  replac¬ 
ing  the  hospitals’  older  and  less 
flexible  MGH  Utility  Multi¬ 
processing  System  databases. 
Cache  is  a  Web-enabled  object- 
oriented  relational  database 


their  hospital  directories. 


and  development  environment. 

The  benefits  of  Cache  are 
already  being  realized.  “One 
of  our  latest  projects,  a  direc¬ 
tory  application  built  in-house, 
gives  you  a  way  to  rapidly  dis¬ 
cover  phone  numbers  for  all 
the  people  who  are  moving 
around  the  different  hospitals 
on  any  particular  day,”  says 


Kathyln  Monbouquette,  direc¬ 
tor  of  telecommunications 
and  operations  at  Partners 
Healthcare  System,  which  pro¬ 
vides  IT  services  to  the  group 
of  area  hospitals. 

The  hospitals  now  have 
about  30,000  Web-ready 
desktops  that  autho¬ 
rized  people  can  use  to 
get  at  Cache-based  data¬ 
base  applications.  The 
number  of  desktops  is 
expected  to  climb  to 
50,000  by  year-end.  The  six 
hospitals  are  connected  by 
T-l  and  T-3  lines,  or  OC-12 
SONET  rings. 

Intranet  stat! 

Using  Cache,  the  IT  team  at 
Partners  Healthcare  System  set 
up  a  centralized  server  that 
contains  metadata,  which 
describes  what  is  on  the  Web 
servers  on  the  hospitals’ 
intranet. 

A  dozen  Cache  database 
servers  hold  information  such 
as  directories  listing  thousands 


of  personnel,  schedules, 
online  records  and  files,  and 
phone  and  pager  numbers. 

Users  can  authenticate  their 
identity  from  any  Web  desktop 
and  gain  access  to  authorized 
resources. 

The  hospitals  have  about 
100  Cache  applications  run¬ 
ning,  the  latest  one  providing 
a  way  to  page  medical  person¬ 
nel  via  the  Web  instead  of 
by  phone. 

“To  alert  a  physician  about 
abnormal  lab  results,  for 
instance,  you  would  just  go  to 
the  Web  directory  and  click  on 
‘page,’  and  it  will  do  it  for 
you,”  Monbouquette  says.  ■ 

Get  more  online: 

oCase  studies  of 
intranets  at  other 
large  enterprises. 

o  Information  on  our  intranet 
mailing  list. 


Firewall  market  blazing,  up  143% 

More  companies  on  the  Internet  means  more  firewalls. 


By  Phil  Hochmuth 

Internet  firewall  vendors 
experienced  major  growth  in 
1997,  according  to  a  report 
published  last  month  by 
Framingham,  Mass.-based 
International  Data  Corp. 


(IDC).  The  market  for  fire¬ 
walls  more  than  doubled  last 
year,  growing  from  $145.6  mil¬ 
lion  in  1996  to  $353.5  million 
—  an  increase  of  143%. 

The  main  factor  that  caused 
the  firewall  market  to  balloon 


was  the  increase  in  companies 
connecting  to  the  Internet. 
Also,  more  companies  began 
using  the  World  Wide  Web, 
not  just  for  e-mail  and  Web 
browsing,  but  as  a  core  busi¬ 
ness  tool. 

Safety  first 

With  more  and  more  busi¬ 
ness  being  conducted  on  the 
Web,  the  need  for  Internet 
security  became  a  top  priority. 
As  services  such  as  online 
product  ordering  and  product 
information  databases  became 
more  sophisticated,  security 
measures  followed  suit. 

According  to  the  IDC 
report,  Check  Point  Software 
Technologies  retained  its  title 
as  the  top  firewall  vendor  and 
was  clearly  the  market  leader 
last  year  with  $83  million  in 
sales.  Cisco  Systems  followed 
in  the  No.  2  spot  with  $65.7 


million  in  sales. 

Axent  Technologies,  which 
acquired  Raptor  Systems, 
ranked  third  at  $26  million, 
trailed  by  Network  Assoc¬ 
iates,  now  in  fourth  place 
with  $21  million.  In  fifth 
place,  CyberGuard  and 
Secure  Computing  ranked 
with  about  $19  million  each 
in  revenue. 

Firewall  underdogs 

Several  of  the  larger  soft¬ 
ware  companies  last  year 
ended  up  at  the  lower  end  of 
the  firewall  market.  Microsoft, 
Novell,  IBM,  and  Sun  all  gar¬ 
nered  $5  million  to  $10  mil¬ 
lion  in  firewall  sales. 

Other  vendors  in  the  $5 
million  to  $10  million  range 
included  Elron  Software, 
Computer  Associates  and 
Compaq,  which  now  owns 
Digital’s  Alta  Vista  firewall. 

IDC  forecasts  the  firewall 
market  to  continue  to  grow 
over  the  next  few  years,  with 
revenue  reaching  $1.2  billion 
by  2000,  and  $1.8  billion  by 
2002.  ■ 


TOP  COMPANIES  IN  FIREWALL  SOFTWARE  REVENUE 


In  millions 


■I  Check  Point  Software 
■1  Cisco  Systems 
H  Axent  Technologies 
Network  Associates 
CyberGuard 
Secure  Computing 

Hi 


Companies  with 
$5  million  to  $10 
million  in  firewall 
software  revenue: 

©  Compaq 

o  Computer  Associates 
0  Elron  Software 
o  IBM 
o  Microsoft 
o  Novell 
0  Sun 
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’HE I  INSIDER 

How  many  9s  are  enough? 


Of  there  is  one  thing  telephone  peo¬ 
ple  are  insistent  on,  it  is  reliability 
—  at  least  in  their  demands  on  equip¬ 
ment.  The  common  belief  among  phone 


people  who  are  trying  to  build  data  net¬ 
works  is  that  equipment  needs  to  be  “five 
nines”  (99.999%)  reliable  in  order  to  be 
useful  in  a  network  they  want  to  build.  I 


think  they  are  wrong  to  want  this  level  of 
reliability  in  data  networking  equipment, 
and  I  fear  their  insistence  on  this  level  is 
inhibiting  their  deployment  of  useful 
data  networks. 

It  will  be  interesting  to  see  if  they  main¬ 
tain  this  belief  in  the  future,  in  which  case 
they  will  have  to  compete  against  other 
providers  for  customers.  It  is  currently 


easy  for  the  traditional  phone  company 
to  insist  on  reliability  at  great  cost  because 
it  exists  in  a  world  where  increased  cost 
means  increased  revenue  being  autho¬ 
rized  by  the  local  utility  commissions. 

But  utility-commission-distorted  eco¬ 
nomics  aside,  I  think  the  problem  is  that 
the  people  who  are  insisting  on  five  nines 
do  not  understand  data  networking. 

Back  in  1964,  Paul  Baron,  then  at 
Rand  Corp.,  produced  a  series  of  articles 
proposing  the  idea  of  packet-switching 
nets.  (The  papers  were  recently  posted 
online  at  www.rand.org/publications/ 
RM/baran.list.html.)  Baron  was  working 
at  a  time  when  there  was  considerable 
worry  about  the  destruction  of  the  U.S. 
communications  infrastructure  by 
enemy  action.  He  proposed  a  network 
design  that  would  survive  large-scale 
node  or  link  destruction.  His  design  was 
for  a  distributed  network  with  many 
small  cheap  packet  switches  and  many 
redundant  links  between  them  instead  of 
the  then-common  network  design  that 
had  a  few  large  phone  circuit  switches. 
He  showed  that  when  reliability  was  mea¬ 
sured  end  to  end, 
a  distributed  net 
would  exhibit  very 
high  reliability 
even  in  the  face  of 
the  failure  of  a 
number  of  the 
switches  or  links 
in  the  network. 

He  concluded, 

“From  the  user’s 
viewpoint,  the  system  appears  to  be  virtu¬ 
ally  noise-  and  error-free  when  handling 
data.”  He  was  describing  the  current 
Internet  architecture  long  before  its  time. 

A  key  reason  to  use  a  distributed  net¬ 
work  is  to  minimize  the  reliance  on  any 
single  network  component.  The  network 
will  route  around  link  or  switch  failures. 
In  this  type  of  environment,  five  nines 
reliability  is  overkill.  But  it’s  not  a  sur¬ 
prise  phone  types  think  in  terms  of  the 
need  for  extreme  reliability  —  they  gen¬ 
erally  don’t  have  distributed  networks 
with  redundant  paths. 

There  are  places  in  many  ISP  net¬ 
works  where  redundancy  is  not  as  rich 
as  it  might  be  —  the  link  to  the  cus¬ 
tomer  site  for  example.  And  in  many 
ISPs,  the  level  of  traffic  is  such  that  rout¬ 
ing  around  a  failure  will  cause  conges¬ 
tion  and  data  loss.  But  Internet-style  net¬ 
works  are  not  the  same  as  telephone- 
style  ones,  and  the  reliability  demanded 
from  each  component  should  not  have 
to  be  as  high  because  the  net  will  cover 
up  for  a  lack  of  reliability  due  to  redun¬ 
dancy  in  most  cases.  Less  expensive,  rea¬ 
sonably  reliable  switches  may  not  result 
in  less  reliable  service  to  the  customer. 

Disclaimer:  Harvard  spends  more  time 
understanding  the  reliability  of  people 
than  electronic  components,  so  the 
above  postulation  is  mine. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@harvard.edu. 
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COMDEX/Enterprise 

Event:  Sept.  8-11, 1998  /  Expo:  Sept.  8-10, 1998  /  Moscone  Center /San  Francisco,  CA 

A  new  event  focusing  on  these  mission-critical  areas: 

Intemet/lntranet/Extranet  •  E-Commerce  •  Business  Application  Development  •  Server  Deployment/Migration  •  Infrastructure 


im 


Introducing  COMDEX/Enterprise:  the  all-new  Conference 
and  Exposition  dedicated  to  helping  you  architect  enterprise 
solutions.  See  the  cutting-edge  technologies,  products  and 
information  you  need  to  develop,  deploy  and  distribute 
mission-critical  business  applications. 

This  powerful  enterprise  solutions  forum  tackles  today's 
most  vital  business  challenges.  Enterprise  provides  in- 
depth  education  on  proven  implementations  along  with  an 


a*  ^.COMDEX' 
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Exposition  showcasing  the  latest  products  from  more  than 
250  top  exhibitors. 

W ho  should  attend?  Anyone  involved  in  architecting  enterprise 
solutions:  IS/IT/M1S,  Systems  Architects  and  Designers, 
Application  Developers,  Systems  Engineers  and  Integrators, 
Resellers,  Network/Teiecom  Managers,  and  Strategic  Business 
Analysts.  Contact  us  today  for  your  free  Exposition  pass  and 
your  copy  of  the  Enterprise  Advance  Program  Guide. 


Sponsors:  m  mmm 


To  register  or  for  more  information: 

www.comdexenterprise.com  /  888-800-8920  (int’i:  +1-650-372-7071)  /  comdexenterprise@zd.com 


Scott  Bradner 
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believe  in  technology  2D 
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a  leader  in  the  fiercely  competitive  world  of  online  investing.  How 
can  they  keep  growing  while  fending  off  competitors?  To  maintain  momentum  as  a 
category  leader,  they  need  the  ability  to  introduce  new  services  in  Internet  time.  So 
we  helped  E*TRADE  develop  their  online  Mutual  Fund  Center  in  just  eight  weeks, 
giving  them  a  critical  lead;  now  customers  can  trade  more  than  4,000  top  mutual 
funds.  We  also  helped  them  build  the  system  with  the  power  to  manage  wildly 
fluctuating  activity,  and  scale  up  quickly  to  meet  demand.  What  makes  it  all  possible? 
Netscape  Application  Server  software.  Today,  there's  no  telling  what  business  will 
break  away  from  the  competition  with  a  Netscape  solution.  Learn  more  with  a  free 
information  packet-call  888-437-9973  or  visit  home.netscape.com/breakaway/et 


E*TRADE 
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A  remote  access  solution  that 
easily  expands  to  accommodate  a  crowd 


The  DataFire®  RAS  48,  with  up  to  48  modem 
channels.  It  supports  K56flex  (software-upgradable 
to  V.90),  as  well  as  ISDN  via  T1  or  PRI  connections. 


The  DataFire®  RAS  4,  with  4  BRI  ISDN  connections 
and  8  integrated  modems.  It  also  supports  K56flex 
(software-upgradable  to  V.90). 


Expecting  more  remote  users?  Just  slide  a 
Digi  RAS  concentrator  into  a  PC -class  server. 
The  powerful  new  RAS  concentrators  from 
Digi  range  from  4  to  48  analog  or  ISDN 
channels.  With  a  four-slot  server,  you  can 
accommodate  as  many  as  192  channels. 


growth,  whether  it’s  running  Windows  NT,® 
Novell®  NetWare®  or  a  UNIX®  operating  system. 

Whatever  you’re  serving,  Digi’s  RAS 
concentrators  easily  scale  to  handle  a  lot 
of  company.  Including  yours.  Learn  more 
about  Digi’s  RAS  concentrators  by  visiting 


The  AccelePort®  RAS  8,  with  up  to  8  POTS 
connections  and  integrated  modems,  supports 
K56flex  (software-upgradable  to  V.90). 
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The  DataFire  GOI®  PRO,  a  client  PC  card  that 
supports  Ethernet,  K56flex/V.90,  PCS  and 
ISDN  connections. 


Configuring  and  managing  these  RAS 
concentrators  are  also  easy  jobs  with 
PortAssisC  Digi’s  new  Web-based  tool.  Which 
means  better  management  of  a  network’s 


www.dgii.com  or  calling  1-800-255-2985. 


Connectability 


All  brand  names  and  product  names  are  trademarks  or  registered  trademarks  of  their  respective  holders.  ©1998  Digi  intemauonal. 
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NETWORK  HELP  DESK 


Ron  Nutter,  a  Master  Certi¬ 
fied  Novell  Engineer  and  Micro¬ 
soft  Certified  Systems  Engineer 
in  the  Lexington,  Ky.,  area, 
tracks  down  the  answers  to  your 
questions.  Call  (800)  622-1108, 
Ext.  7476,  or  send  your  questions 
to  helpdesk@networkref.com. 

We  use  Microsoft’s  Routing  and 
Remote  Access  Server  (RRAS)  to 
connect  two  sites.  We’ve  got 
three  Hayes  56K-bit/sec  modems 
talking  to  a  stack  comprising 
three  of  the  same  type  of  modem. 
The  problem  is  that  after  a  day 
or  so  one  of  the  modem  pairs 
drops  off.  Then,  within  a  week, 
another  pair  does,  too. 

When  the  one  remaining  pair 
of  modems  finally  disconnects, 
the  RRAS  connection  redials  itself 
and  we’re  back  up  to  a  full  three- 
to-three  connection.  Alternatively, 

I  can  go  to  a  RRAS  server,  discon¬ 
nect  it  and  then  reconnect  to  get 
a  full  three-to-three  connection. 

Do  you  know  of  a  way  to  get 
RRAS  to  redial  after  any  pair  of 
modems  drops  off  or  to  keep  the 
three  pairs  alive  for  a  longer 
period? 

Via  Network  World  Fusion 

Connecting  modems  to  a  RRAS 
server  via  serial  ports  could  lead 
to  this  problem.  1  recommend 
using  a  multiport  communica¬ 
tions  board  from  Comtrol. 

This  board  has  an  onboard 
processor  that  eliminates  the 
need  for  the  server  CPU  to  service 
the  modems  attached  to  it.  If  you 
are  already  using  a  board  similar 
to  this,  check  with  the  manufac¬ 
turer  to  see  if  it  has  newer  drivers 
available. 

Unless  you  have  someone  at 
each  server  when  one  of  the 
modems  drops  connection  or 
catch  a  message  in  the  event  log 
pointing  you  in  the  right  direc¬ 
tion,  you  might  want  to  consider 
changing  out  one  pair  of  the 
modems  to  see  if  the  problem  is 
modem-related. 

You  also  might  want  to  check 
a  couple  of  Web  resources.  Go  to 
Microsoft’s  support  site  at  http:// 
support.microsoft.com  for  a  tech¬ 
nical  article  on  using  Remote 
Access  Server  dial  to  reestablish  a 
dropped  connection. 


Technology  Update _ 

Covering:  Evolving  Technologies  and  Standards 

Access  specification  opens  WAN  ATM  doer 


By  Michael  Rubin  and  Jack  Yang 

Organizations  using  ATM  for 
wide-area  networking  have  one 
thing  in  common:  The  more 
efficiently  they  can  employ 
their  leased  lines  to  consolidate 
campus  traffic  before  it  hits  the 
WAN,  the  better. 

Inverse  Multiplexing  over 
ATM  (IMA)  is  one  of  the  tools 
for  that  job.  IMA  is  an  access 
specification  approved  in  1997 


by  the  ATM  Forum  as  a  User- 
Network  Interface  (UNI)  stan¬ 
dard  that  is  now  being  imple¬ 
mented  in  switches,  routers 
and  other  edge  devices. 

IMA  lets  network  managers 
gain  the  bandwidth  and  quali- 
ty-of-service  (QoS)  advantages 
of  ATM  —  in  the  campus  back¬ 
bone  or  en  route  to  carriers’ 
ATM  switches,  for  instance  — 
by  fanning  out  ATM  cells 
across  multiple  T-l/E-1  lines. 
T-ls  are  typically  inexpensive 
and  in  place;  with  IMA,  organi¬ 
zations  can  combine  them  as 
needed,  avoiding  the  cost, 
complexity  and  potentially 
wasted  capacity  of  higher  band¬ 
width  T-3/E-3  lines. 

IMA  is  derived  from  a  cir¬ 
cuit-switching  technique  called 
inverse  multiplexing,  which 
became  a  popular  alter¬ 
native  to  time-division  multi¬ 


plexing  (TDM). 

TDM  enabled  multiple 
streams  of  user  data  to  share  a 
common  medium  —  a  T-l  line 
—  but  maximum  bandwidth  for 
any  stream  was  limited  to  the 
bandwidth  of  the  individual 
line.  Inverse  multiplexing  solved 
the  problem  by  pooling  the 
bandwidth  of  several  T-l/E-ls 
into  a  single  larger  pipe.  TDM 
accomplished  this  by  spreading 


high-bandwidth  traffic  across 
multiple  T-l/E-ls,  synchroniz¬ 
ing  and  time-stamping  the  traf¬ 
fic,  then  merging  traffic  back  at 
the  receiving  end. 

IMA,  which  can  be  imple¬ 
mented  on  private  leased  lines 
or  offered  as  a  carrier  ATM  ser¬ 
vice,  uses  dre  same  approach.  It 
combines  multiple  T-l/E-1  cir¬ 
cuits  (1.544M  bit/sec  and 
2.048M  bit/sec,  respectively) 
into  one  logical  ATM  pipe. 
Unlike  the  vendor-proprietary 
TDM  inverse  multiplexing,  IMA 
ensures  interoperability  among 
IMA-compliant  products. 

In  operation,  IMA-equipped 
devices  perform  the  normal 
ATM  UNI  functions  of  segmen¬ 
tation  and  reassembly  of  larger 
frames  and  packets  into  ATM 
cells,  and  initiate  virtual  circuit 
connection  setups  across  the 
network. 


An  IMA  Control  Protocol 
then  establishes  the  inverse- 
multiplexed  UNI  by  aggregat¬ 
ing  traffic  from  the  campus 
links  into  one  physical-layer 
medium  and  distributing  ATM 
cell  streams  over  multiple  T-l 
circuits.  Cells  from  the  IMA 
access  concentrator  are  placed 
on  the  T-l  circuits  via  a  cyclic 
round-robin  approach.  IMA 
devices  also  exchange  control 


information  as  a  means  of 
monitoring  link  status  and 
ensuring  connection  quality. 

Because  the  IMA  ports  on  the 
receiving  switch  require  a  steady 
stream  of  cells  to  correcdy  re¬ 
create  the  original  stream,  the 
sending  device  introduces  filler 
cells  whenever  there  is  a  lull  in 
traffic  to  keep  the  round-robin 
process  synchronized.  At  the 
same  time,  to  reduce  bandwidth 
consumption,  IMA  removes  any 
idle  or  unassigned  cells  from 
die  access  stream  and  reinserts 
them  at  the  network  edge. 

Unlike  TDM  inverse  multi¬ 
plexing,  IMA  does  not  have  to 
be  supported  all  the  way  across 
the  WAN.  IMA  runs  from  the 
user  demarcation  point  to  the 
first  carrier  ATM  switch,  or  to 
the  nearest  ATM  backbone 
switch  in  private  networks.  At 
that  point,  traffic  is  demulti¬ 


plexed  and  carried  on  its  way 
through  the  wide  area  by  ATM’s 
convendonal  virtual  circuits. 

If  the  receiving  station  uses 
IMA,  the  same  procedure  hap¬ 
pens  in  reverse  between  the  net¬ 
work  edge  and  the  IMA  access 
device,  ending  in  individual  traf¬ 
fic  streams  on  the  LAN. 

Evaluating  IMA  implementations 

For  organizations  with  high- 
bandwidth  campus  traffic,  IMA 
has  the  potential  to  reduce 
complexity  by  letting  net  man¬ 
agers  consolidate  LAN,  PBX, 
legacy  data  and  video  circuits 
via  ATM.  Campus  backbone 
complexity  is  reduced  and  costs 
are  controlled  because  the 
organization  pays  only  for  the 
physical  capacity  it  needs. 

And  as  a  carrier  service,  IMA 
lets  carriers  offer  a  wider  range 
of  broadband-access  price 
points  —  this  ultimately  bene¬ 
fits  the  net  manager  as  well  as 
the  carrier. 

But  users  should  be  aware 
that  IMA  vendor  implementa¬ 
tions  will  vary.  For  example, 
fault  tolerance  and  the  ability  to 
add/ drop  gracefully  when  one 
of  several  links  fails  is  a  feature 
not  all  hardware  will  support. 

In  general,  performance  will 
favor  IMA  access  concentrators 
that  take  full  advantage  of 
ATM’s  sophisticated  capabili¬ 
ties  for  traffic  management, 
fault  tolerance  and  legacy 
equipment  interoperability 
through  ATM  Forum  stan¬ 
dards.  IMA  access  concentra¬ 
tors  should  be  able  to  manage 
bandwidth  to  provide  QoS  for 
voice  and  video,  while  shaping 
data  traffic  to  optimize  net¬ 
work  utilization. 

Finally,  IMA  product  lines 
should  be  offered  in  a  range  of 
scalable  configurations.  This 
will  pay  dividends  in  network 
flexibility,  efficient  utilization 
of  WAN  links  and  optimal  per- 
site  return  on  investment. 

Rubin  is  director  of  marketing  for 
the  Enterprise  Business  Unit  at 
3Com.  Yang  is  a  product  manager 
for  3Com 's  Carrier  Systems  Business 
Unit.  They  can  be  reached  at 
Michael_Rubin@3Com.  com  and 
Jack_  Yang@3Com.  com. 


HOW  IT  WORKS 

Inverse  Multiplexing 
over  ATM 


1 


Incoming  packet  streams  of 
data  and  voice  traffic  are 
transformed  into  ATM  cells  by 
an  IMA  access  concentrator. 


2 


ATM  cells  traverse 
leased  lines,  taking 
advantage  of  the 
different  ATM  service 
classes. 


IMA  is  an  ATM 
Forum-approved 
access  specifica¬ 
tion.  Built  into 
switches,  routers 
and  other  edge 
devices,  IMA 
devices  combine 
multiple  high-speed 
circuits  into  a 
single,  logical  pipe 
-  reducing  band¬ 
width  consumption 
and  providing  ATM 
QoS  guarantees. 


IMA 
concentrator 


Voice 


Company 

headquarters 
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ATM  switch 
supporting  IMA 


As  they  hit  the  public  WAN,  ATM 
cells  are  resequenced  by  a  carrier’s 
or  private  IMA-enabled  ATM  switch, 
which  might  actually  handle  IMA 
transmissions  from  a  number  of 
sources,  then  sent  across  the  WAN. 
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Challenge  Part  II: 


EDITORIAL i  «  •  *  i  *  •  • 

This  time  for  the  Layer  3  switch  vendors 


Last  week,  I  challenged  some  of  the  leading  ISPs  to  take 
part  in  our  ISP  Showdown  debate  at  Fall  Internet  World 
98  in  New  York.  Now  I’m  challenging  Layer  3  LAN 
switch  vendors  to  participate  in  the  Layer  3  Switching 
Showdown  at  the  upcoming  NetWorld+Interop  98  con¬ 
ference  in  Adanta.  With  this  showdown,  I’m  going  out  on  a  limb, 
and  I  really  hope  I  won’t  wind  up  regretung  my  decision. 

When  we  stage  one  of  these  presidential-style  debates  at  a  major 
trade  show,  we  usually  invite  no  more  than  six  vendors.  But  for  the 
Layer  3  event,  I’m  stretching  the  roster  to  seven  companies  —  a 
number  that  could  be  tough  to  control  in  this  interactive  forum. 
Based  on  discussions  with  readers  and  analysts,  I’m  challenging 
early  Layer  3  market  leaders  Bay,  3Com,  Cabletron,  Extreme 
Networks,  Foundry  Networks  and  Packet  Engines  to  send  a  CEO 
or  chief  technology  officer  to  take  part  in  the  showdown.  That’s  a 
good  mix  of  the  established  vendors  and  the  newcomers  that  are 
challenging  the  status  quo  with  their  Layer  3  offerings. 

Now  you,  alert  reader,  have  noted  that’s  only  six  companies. 

But  to  that  mix  I’m  also  adding  Cisco,  which  nearly  everyone 
thought  should  be  invited,  even  though  Cisco  hasn’t  been  a 
major  player  to  date  in  the  Layer  3  arena.  With  its  market  size, 


Cisco  will  clearly  have  a  big  influence  on  the  future  of  Layer  3, 
and  readers  need  to  know  where  the  company  intends  to  go.  The 
seven  companies  have  until  Sept.  7  to  confirm  their  participation 
in  the  Layer  3  Switching  Showdown,  which  will  be  held  from 
10:30  a.m.  to  noon  on  Oct.  22. 

In  the  first  portion  of  the  debate,  our  seven  stalwarts  will  face 
tough  questions  from  a  panel  of  experts,  including  Jim  Duffy,  a 
Network  World  senior  editor  covering  the  Layer  3  beat;  Esmeralda 
Silva,  a  top  LAN  market  analyst  with  International  Data  Corp.;  and 
Kevin  Tolly,  founder  of  The  Tolly  Group  consultancy. 

After  that  round  of  questioning,  the  vendor  panelists  will  have 
a  go  at  one  another  and  then  field  questions  from  our  audience. 

Our  goal  is  to  help  network  professionals  cut  through  all  the 
overgrown  rhetoric  about  Layer  3  switching  and  find  out  where  it 
makes  sense  in  their  networks.  What’s  more,  we’ll  help  net  man¬ 
agers  figure  out  which  vendor’s  products  best  fit  their  needs. 

So,  Bay,  3Com,  Cabletron,  Extreme,  Foundry,  Packet  Engines  and 
Cisco,  are  you  up  for  the  challenge?  I  hope  you’ll  all  agree  to  take 
part,  even  though  things  might  be  easier  if  one  of  you  declines. 

John  Gallant,  editor  in  chief  jgallant@nww.com 


On  Security  •  Winn  Schwartau 

Of  DIRT  and  placebos: 
Security  gets  scary 

©ome  disbelieving  readers  thought  my  recent  column  on  Data 
Interception  by  Remote  Transmission  (DIRT)  was  a  belated 
April  Fool’s  joke.  DIRT  is  no  joke;  it’s  a  legitimate  law  enforce¬ 
ment  tool  to  monitor  target  PCs  remotely  as  part  of  criminal  investi¬ 
gations.  My  concern  was  that  a  free  version  of  DIRT  eventually 
would  hit  the  Internet  —  and  it  has. 

On  Aug.  3  —  right  after  Def  Con,  the  annual  Las  Vegas  hacker 
convention  —  a  group  called  The  Cult  of  the  Dead  Cow 
(www.cultdeadcow.com)  released  the  first  version  of  a 
free  DIRT-like  tool  called  BackOrifice.  The  ostensible 
purpose  of  BackOrifice  is  to  provide  systems  administra¬ 
tors  with  remote  monitoring  tools,  including  keystroke 
capture. 

You  can  eradicate  this  first  version  of  BackOrifice 
from  your  computer  by  adding  this  code  to  your  autoex¬ 
ec.bat  file: 
cd\windows\gystem 
del  <alt>255<alt>.exe 

(Note  that  you  are  entering  ALT  Character  255,  which  is  a  blank 
space.  Do  not  use  the  space  bar.) 

Newer  strains  of  BackOrifice  might  have  different  names,  so  this 
approach  has  limitations.  Watch  www.infowar.com  for  updates. 

Now  back  to  our  regularly  scheduled  topic:  placebo  security. 
Clients  incessantly  ask  for  the  impossible.  They  want  to  increase 
security  without  spending  money.  They  want  to  address  internal 
and  external  security  concerns  without  affecting  network  function¬ 
ality  or  worker  productivity.  Impossible?  Not  with  placebo  security. 

Placebo  security  involves  purporting  to  have  security  mechanisms 
and  products  in  place  that  you  don’t  have.  Worried  about  declining 
employee  productivity?  Try  distributing  the  following  announce¬ 
ment  via  internal  e-mail:  “Beginning  Monday,  network  administra¬ 
tion  will  be  monitoring  every  keystroke  employees  make  at  their 
computers.  In  this  manner,  we  will  be  able  to  reward  higher  levels 
of  productivity  as  well  as  detect  illicit  computer  games.  Thank  you 
for  your  cooperation.” 

Of  course,  no  action  is  taken,  but  the  warning  is  clear. 

Similarly,  placebo  security  can  keep  crime-inclined  employees  on 


their  best  behavior.  One  firm  announced  it  had  installed  a  detection 
product  to  stop  rampant  laptop  theft.  Despite  the  fact  that  this  was  a 
placebo  protection  effort,  laptop  thefts  immediately  fell  from  more 
than  20  per  month  to  zero.  Now  that’s  cost-effective  security! 

For  remote  dial-in  applications  and  Internet  or  Web  pages,  warn¬ 
ings  such  as  the  following  can  reduce  the  likelihood  of  hacker  inci¬ 
dents:  “Welcome  to  our  site!  As  a  security  measure,  we  are  now 
downloading  a  cookie  to  your  desktop  as  a  means  of  verifying  your 
identity.  If  you  are  not  found  in  our  database  and  continue  to 
attempt  access,  we  will  immediately  contact  law  enforcement.” 

Or  you  can  get  more  aggressive.  This  is  a  message  I  found  on 
one  company’s  network:  ‘Your  identity  is  not  confirmed.  We  did  not 
find  you  in  our  database.  We 
are  now  downloading  an 
applet  that  will  make  your 
hard  disk  unusable.  Reboot 
immediately  to  prevent  this 
from  happening.”  A  count¬ 
down  clock  heightened  the 
tension. 

Placebo  security  doesn’t 
work  everywhere  or  every 
time.  But  it  can  help  ease 
security  woes  at  next  to  no 
cost.  On  the  other  hand, 
you  might  find  yourself  in 
an  ethical  conundrum  sur¬ 
rounding  some  of  the  meth¬ 
ods  used,  and  your  human 
resources  department  and 
legal  staff  may  have  a  thing 
or  two  to  say. 

Nevertheless,  it’s  an  option 
worth  considering. 


Schwartau  is  chief  operating 
officer  of  Security  Experts,  a  secu¬ 
rity  consulting  firm  in  Seminole, 
Fla.,  and  president  of  Infowar. 
Com,  a  leading  security  Web  site. 
He  can  be  reached  at  winn@ 
securityexperts.com  or  winn@ 
infowar.com. 


Send  letters  to  nwnews@maw.com  or John  Gallant, 
editor  in  chief,  Network  World,  161  Worcester  Road, 
Framingham,  MA  01701.  Please  include  phone 
number  and  address  for  verification 

Advice,  please 

Regarding  Mark  Gibbs’  col¬ 
umn  “Get  sensible  about  secur¬ 
ing  your  intranet”  ( IntraNet , 

July  1998,  page  18): 

I  manage  a  mid-size  enter¬ 
prise  network  of  about  80 
servers  and  800  users.  Gibbs’ 
remark  about  creating  an 
“intranet  instrumentation  sys¬ 
tem”  piqued  my  interest.  I 
would  like  to  know  more  about 
exactly  what  Gibbs  means  by 
that.  What  does  one  use  for 
this  purpose? 

Thomas  Arnold 
Network  manager 
VP  Buildings 
Memphis 
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— Telecom  Regulation  •  David  Rohde 

The  FCC  is  thinking  too  hard 


Oot  too  many  things  surprised  me  when  I  joined  Network  World's  editorial  staff 
in  1994.  But  one  thing  did,  big  time:  the  role  of  complexity  in  communica¬ 
tions  technology. 

Coming  from  a  telecom  tariff-analysis  firm,  I  always  assumed  complexity  was  nec¬ 
essary  and  even  commendable.  Hard  problems  require  hard  solutions.  Complica¬ 
tion  equals  sophistication. 

Of  course,  I  was  wrong.  Sure,  distributed  networks  are  complex,  sometimes  mind- 
numbingly  so.  But  all  other  things  being  equal,  the  simpler,  more  straightforward 
solution  wins.  This  is  a  lesson  that  has  been  lost  on  one  of  the  most  significant  insti¬ 
tutions  in  the  industry:  the  Federal  Communications  Commission.  That’s  shown  in 
what  I’ll  dub  the  Sad  Saga  of  Section  706. 

Section  706  is  one  of  seemingly  dozens  of  funny  add-ons  to  the  Telecom¬ 
munications  Act  of  1996  that  appear  to  have  been  tacked  on  as 
an  afterthought.  But  unlike  the  others,  it’s  not  a  sop  to  a  special- 
interest  group  such  as  pay-phone  providers  or  electronic-alarm 
makers.  Instead,  it  sets  out  a  laudable  goal:  The  FCC  must,  within 
30  months,  lay  out  a  plan  to  chop  away  at  unneeded  regulations 
slowing  the  deployment  of  broadband  data  services. 

Knowing  the  30-month  deadline  was  approaching  diis  month, 
some  of  the  regional  Bell  operating  companies  filed  petitions 
under  Section  706  to  deregulate  their  data  services.  RBOCs  said 
they  should  be  able  to  carry  high-speed  data  across  local  calling 
boundaries  even  before  they  won  general  long-distance  authori¬ 
ty.  And  RBOCs  claimed  they  should  not  have  to  resell  their  offerings  —  from  frame 
relay  to  digital  subscriber  lines  (DSL)  —  to  new  competitors. 

If  the  FCC  did  this,  the  RBOCs  promised,  DSL  lines  would  bloom  and  new  IP 
bandwidth  would  spring  up  because  RBOCs  would  finally  have  the  investment 
incentives  they  needed  to  become  serious  data  players. 

FCC  Chairman  William  Kennard  decided  the  RBOCs  had  a  point  and  said  so 
publicly.  Fire  bells  rang  in  the  long-distance  carriers’  lobbying  offices.  Lobbyists  ran 
over  to  the  FCC  and  reminded  it  that  RBOCs  still  have  a  powerful  choke-hold  on 
the  market,  a  hold  they  might  leverage  with  new  powers. 

Faced  with  these  conflicting  arguments,  the  FCC  split  the  difference  and  came  out 
with  a  monster.  Basically,  the  FCC  proposal  says  the  following  (stick  with  me  here) : 

No  RBOC  can  just  offer  deregulated  data  services.  Instead,  it  first  must  set  up  a 
separate  advanced-networks  subsidiary.  That  separate  subsidiary  has  to  follow  myriad 
special  accounting  rules.  If  it  does,  the  RBOC  can  move  its  DSL  termination  equip¬ 
ment  and  other  gear  into  the  subsidiary  and  not  offer  ports  to  competitors.  But  the 


RBOC  still  must  offer  space  in  its  central  offices  for  competitors’  equipment.  It  can¬ 
not  move  the  copper  loops  to  the  subsidiary  —  those  remain  with  the  parent  com 
pany  and  must  be  resold  to  competitors. 

There’s  more.  The  FCC  said  the  subsidiary  must  not  offer  any  voice  services  or 
even  integrated  voice  and  data  services.  Now  forget  for  a  minute  what  carriers 
should  or  shouldn’t  do.  How  is  the  government  going  to  stop  users  from  transmit¬ 
ting  voice  traffic  over  their  data  networks?  Is  the  FCC  going  to  send  the  voice  police 
to  your  office  to  see  if  you  have  voice  frame  relay  access  devices  or  integrated  access 
concentrators  attached  to  an  RBOC  advanced-networks  subsidiary? 

The  five  FCC  commissioners  congratulated  themselves  for  “crafting”  a  balanced 
proposal.  That  word,  widely  used  here  in  Washington,  D.C.,  always  spells  trouble:  It 
means  legislators  or  regulators  believe  they  have  precisely  defined  the  shape  of 
things  to  come.  The  real  reaction  in  the  market:  dismay.  The 
RBOCs  claim  the  proposal  adds  burdens  instead  of  removing 
them.  Long-distance  carriers  claim  RBOCs  could  abuse  their 
new  rights  to  create  a  “digital  monopoly.”  Wall  Street  says  the 
proposal  changes  nothing.  Users  are  confused. 

What  happens  next  will  be  depressingly  predictable.  The  carri¬ 
ers  will  engage  in  multiple  rounds  of  acrimonious  comment  let¬ 
ters,  picking  at  each  of  the  sections  of  the  Section  706  proposal 
they  don’t  like.  The  FCC  will  issue  a  final  rule  by  February,  prob¬ 
ably  even  more  complex  than  the  proposal.  Then,  assuming  no 
one  sues,  the  proposal  will  finally  become  law.  And,  if  all  of 
today’s  indications  hold,  none  of  the  RBOCs  will  set  up  the  separate  subsidiaries,  the 
point  of  Section  706  will  be  lost,  and  a  whole  year  and  a  half  will  have  been  wasted. 

There’s  another  problem  with  complicated  proposals  like  this:  They  steal  carrier 
executives’  attention.  I  guarantee  you  that  each  of  the  five  RBOC  CEOs  has  scruti¬ 
nized  the  proposal,  talked  to  investment  analysts  about  it  and  huddled  with  their 
legal  staffs  about  their  next  moves  over  it.  That’s  time  CEOs  could  have  spent  with 
engineers  and  marketing  executives  talking  about  actually  deploying  DSL. 

The  FCC  certainly  has  the  right  to  craft  painstakingly  complex  regulations  to 
cover  its  legal  obligation  to  implement  a  difficult  statute.  But  what’s  the  point  if  the 
regulations  don’t  change  anything  in  the  real  world?  Only  clear,  bold  steps  can  do 
that.  Memo  to  the  commissioners:  Stop  thinking  so  hard.  Sometimes  there  is  virtue 
in  simplicity,  even  in  Washington,  D.C. 

Rohde  is  Network  World  ’s  senior  editor  of  Carriers  &  ISPs.  He  can  be  reached  at  drohde@ 
nurw.com. 


Gibbs  replies:  I  would  use  log 
analyzers  (any  of  the  leading  prod¬ 
ucts),  site  analyzers  (for  example, 
Mercury  Interactive’s  Astra  Site- 
Manager),  traffic  capture  and 
profilers  (such  as  AbirNet’s 
SessionWall),  page  counters  and 
pretty  much  any  tool  that  would 
give  me  information  about  content 
use  (and  abuse)  and  user  behavior. 
Exactly  what  I’d  use  would  depend 
on  the  company,  the  type  of  infor¬ 
mation  being  used  and  the.  cost  of 
using  the  tool. 

No  comparison  to  marriage 

While  it  is  true  that  some 
parallels  can  be  drawn  between 
marriage  and  outsourcing  IT 
services  (the  intimate  nature  of 
the  relationship,  for  example), 

I  must  take  strong  exception  to 
the  way  in  which  your  feature 
“In  it  for  the  long  haul”  (Aug. 

3,  page  35)  considers  the  two 
to  be  analogous. 

Several  times  in  the  article 
and  sidebars,  it  was  implied 
that  dissolving  a  business  rela¬ 
tionship  is  perfectly  acceptable, 
even  normal,  just  like  dissolv¬ 


ing  a  marriage.  Indeed,  de¬ 
pending  on  how  you  read  it, 
one  can  get  the  impression  that 
business  deals  should  last 
longer  and  be  better  than 
marriages. 

What  the  author  fails  to  take 
into  consideration  is  that  the 
premise  of  the  two  relation¬ 
ships  is  entirely  different. 

Outsourcing  is  a  business 
deal,  a  contract,  not  (usually)  a 
personal  relationship.  It  is 
implicitly  understood  and  actu¬ 
ally  codified  in  documents  how 
things  will  be  settled  in  the 
event  the  relationship  sours. 
The  deal  is  expected  to  im¬ 
plode  at  some  point  in  time. 

While  perhaps  in  decline  in 
modern-day  society,  marriage  is 
an  oath  of  devotion  to  the 
other  partner.  Marriage  vows 
are  not  a  contract,  no  matter 
what  twisted  logic  is  applied  to 
justify  no-fault  divorce  or  its 
equivalents. 

The  marriage  vow  is  a  sacred 
thing  and  constitutes  a  willful 
decision  by  both  parties  to 
abide  by  every  term  therein 


contained,  regardless  of  per¬ 
sonal  cost.  I  doubt  your  writers 
would  treat  a  breach  of  any 
civil  servant’s  oath  of  office  as 
casually. 

Matthew  Patton 
Webmaster,  Resource  Analysis 
U.S.  Air  Force 
Arlington,  Va. 

Role  playing 

As  always,  I  enjoyed  Scott 
Bradner’s  column  “A  role  for 
technologists  in  Internet  man¬ 
agement?”  (Aug.  3,  page  30). 

I  have  a  few  dioughts  on  the 
subject. 

First,  Bradner  talks  about 
how  we  should  have  known  that 
the  power  of  the  Internet 
would  slip  away.  Unfortunately, 
governments  by  nature  do  not 
and  will  not  allow  others  to  con¬ 
trol  large  amounts  of  power. 

Bradner  points  out  the 
amount  of  power  that  “we” 
control  by  saying  that  the 
Internet  is  becoming  a  ubiqui¬ 
tous  connectivity  device.  Shame 
on  all  of  us  for  not  foreseeing 
that  the  government  would  get 


involved. 

Second,  Bradner  talks  about 
how  the  U.S.  might  back  out  of 
funding  Internet-related  pro¬ 
jects.  My  first  reaction  is,  too 
bad,  that’s  pretty  stupid. 

However,  would  we  not  be 
better  off  getting  rid  of  the 

Teletoons 


Washington  idiots  who  can’t 
use  a  PC,  let  alone  understand 
technology  and  its  implica¬ 
tions? 

Spence  Giacalone 
Senior  consultant 
Compaq  Services 
New  York 
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it  really  "morning  coffee"  if 

you're  having  it  at  two  in  the  morning? 


Interesting  how  the  perception  of  the  work  "day”  has  changed,  particularly  for 
the  communications  professional.  In  this  age  when  the  term  "morning  com¬ 
mute”  can  refer  as  easily  to  the  trip  home  from  work  as  the  trip  to  work,  and 
the  midnight  snack  is  often  pulled  from  the  office  refrigerator,  one  thing  is 
certain:  you  need  a  partner  that  works  the  same  schedule  you  do. 

A  partner  like  NTT  America. 

At  NTT  America’s  network  operation  centers,  for  example,  a  full  staff  of  trained 
technicians  is  there  to  provide  round-the-clock  full  network,  pro-active  moni¬ 
toring  and  diagnostics,  24  hours  a  day,  every  day  of  the  year. 

Then  there’s  the  constant  reliability  of  Arcstar,  our  brand-new  global 
communications  service.  Arcstar  delivers  the  most  dependable  and  affordable 
managed  Frame  Relay.  Private  Line,  ATM  and  IP  services  around  the  world. 

For  companies  connecting  with  Japan,  Asia  and  Europe,  NTT  America  is 
always  there  to  help,  no  matter  which  language  you  speak,  or  time  zone  you 
follow.  So  no  matter  how  late  you  work,  you’re  never  really  alone. 

Something  to  think  about  over  your  next  1  a.m.  "dinner.” 

®NTT 

America 


We  keep  you  in  the  loop.* 

For  more  information  about  how  NTT  America  keeps  you  in  the  loop  ( no  matter  what  time  of  day  or  night) 

©  1998  ntt  America,  inc.  call  1-800  4  NTT  USA.  Or  visit  our  website  at  http://www.nttamerica.com. 
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BUYER'S  GUIDE 

We  know  wh 

Different  approaches  to  network  authentication 
give  you  plenty  of  ways  to  prove  yourself,  but 
The  National  Registry ’s  SAF/nt 
tops  our  test  thanks  to  tight  ties 
with  Windows  NT. 


AUTHENTICATION 


f  you  break  into  a  cold  sweat  when  users 
tape  passwords  to  their  monitors  or 
insist  on  using  easily  guessed  passwords, 
maybe  it’s  time  to  consider  a  more 
advanced  authentication  system. 

Tokens,  smart  cards  and  biometrics  all  provide 
strong  security  without  undue  inconvenience,  and 
plenty  of  options  are  available. 

We  brought  four  authentication  packages  into 
the  lab  to  test  them.  The  National  Registry,  Inc.’s 
(NRI)  Secure  Authentication  Facility  for  NT 
(SAF/nt)  won  our  World  Class  Award  for  its  seam¬ 
less  integration  with  Windows  NT  and  support  for 
multiple  kinds  of  biometric  authentication.  You’ll 
find  the  full  test  results  in  the  Review  below. 


Our  Issues  and  Trends  story  on  page  39 
outlines  some  of  the  pros  and  cons  of  tokens,  smart 
cards  and  biometric  authentication  schemes, 
including  hardware  requirements,  network 
interoperability  issues  and  encryption  support. 

When  you’re  ready  to  evaluate  products,  go  to 
our  Interactive  Buyer’s  Guide  Chart  on  Network 
World  Fusion  (www.nwfusion.com)  for  the  full 
specifications  of  more  than  two  dozen  products. 
You  can  download  the  complete  chart  or  use  it 
online  to  find  products  that  meet  your  criteria. 


By  John  C  .  C  .  D  u  k  s  t  a 


When  it  comes  to  passwords,  users  are  lazy. 
Most  will  use  a  word  that  can  be  found  in  a  dic¬ 
tionary  or  a  spouse’s  name,  either  of  which  can 
be  guessed  or  hacked  with  minimal  effort.  You 
can  force  people  to  use  stronger  passwords,  but 
often  they’ll  just  write  them  down  on  Post-it 
Notes  and  stick  them  to  their  monitors.  And 
even  obscure,  reusable  passwords  are  subject  to 
eavesdropping  and  shoulder  surfing. 

For  strong  security,  you  need  strong  authenti¬ 


cation.  This  Buyer’s  Guide  looks  at  two  kinds  of 
strong  authentication  methods:  biometrics  and 
token-based  hardware.  Biometric  products 
employ  a  personal  characteristic  of  a  user  — 
such  as  a  fingerprint,  face  or  voice  —  to  deter¬ 
mine  that  the  person  is  who  he  says  he  is.  Token- 
based  products  use  a  physical  token  (usually  a 
credit  card-size  device)  to  verily  identity,  in 
much  the  same  way  that  automated  teller 
machines  require  a  bank  card  and  a  personal 
identification  number. 

There  are  a  number  of  strong  authentication 
products  on  the  market,  each  filling  a  certain 
niche.  To  level  the  playing  field  for  this  review,  we 
tested  products  that  bring  strong  authentication 
to  the  Windows  NT  domain  logon.  These  prod¬ 
ucts  replace  Windows  NT  Graphical  Identification 


and  Authentication  (GINA) ,  the  component  of 
the  network  client  that  handles  user  logons.  All 
the  products  we  reviewed  encrypt  communica¬ 
tions  between  the  client  and  the  server,  so  none 
would  be  subject  to  sniffer  attacks. 

For  integration  with  Windows  NT,  we  found 
NRI’s  SAF/nt  to  be  the  best.  The  company  has 
put  a  lot  of  effort  into  integrating  its  tools  with 
the  standard  NT  domain  utilities.  Those  features, 
in  combination  with  support  for  multiple  biomet¬ 
ric  authentication  methods,  earn  SAF/nt  our 
World  Class  Award. 

SAF/nt:  Don’t  worry,  be  HA-API 

With  NRI’s  SAF/nt,  you’re  not  limited  to  a 
single  type  of  biometric  authentication.  The 
company  has  incorporated  the  Human  Authen- 
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tication  API  (HA-API)  into  its 
products  to  allow  you  to  use  any 
qualified  Biometric  Service 
Provider  (BSP)  in  conjunction 
with  SAF/nt.  NRI  has  qualified 
fingerprint,  voice  and  face  BSPs 
for  use  with  SAF/nt. 

For  the  purpose  of  this  review, 
we  tested  the  SpeakerKey  voice 
verification  BSP  from  ITT 
Industries.  The  technology  used 
in  SpeakerKey  was  originally 
developed  by  ITT  Industries  for 
the  National  Security  Agency  for 
use  in  computer  access  control 
applications.  SpeakerKey  uses 
speaker-independent  digit  recog¬ 
nition  in  the  form  of  pseudo-ran¬ 
dom  number  doublets  (for  example,  “64-79,” 
spoken  as  “sixty-four,  seventy-nine”)  for  authenti¬ 
cation.  During  the  enrollment  process,  users  are 
prompted  to  say  twelve  doublets.  During  authen¬ 
tication,  users  are  prompted  to  say  two. 

SAF/nt’s  most  impressive  feature  is  its  level 
of  integration  with  Windows  NT.  Of  all  the 
products  reviewed,  it  is  by  far  the  best  in  this 
category. 

The  SAF/ nt  administration  utilities  are  seam¬ 
lessly  integrated  into  the  standard  NT  user  and 
server  managers.  This  eliminates  the  need  for 
the  system  administrator  to  enter  duplicate  data. 
When  you  add  a  user  to  a  domain,  you  merely 
have  to  click  the  “Biometric”  button  to  configure 
the  user’s  biometric  settings  and  enroll  them 
(See  Figure  1 ) .  The  program  also  adds  a  check 
box  in  the  server  settings  (under  NT’s  Server 
Manager)  to  set  the  workstation  or  server  as  bio- 
metrically  enabled. 

Client  use  is  equally  intuitive.  The  NRI  logon 
GINA  prompts  for  a  user’s  name  and  domain.  If 
users  are  configured  for  biometric  authentication, 
they  are  prompted  to  say  the  two  numeric  dou¬ 
blets  to  authenticate  themselves;  otherwise  they 
are  prompted  to  enter  their  regular  NT  domain 
passwords.  If  a  workstation  is  not  configured  for 
biometrics,  biometric  users  can  enter  their  user 
names,  domains  and  passwords  as  usual. 

The  SAF/ nt  server  installation  went  smoothly. 
SAF/ nt  requires  SQL  Server  to  handle  the  data¬ 
base  of  biometric  information.  The  only  thing  we 
found  confusing  was  that  the  manual  instructs  you 
to  install  the  BSPs  you  are  planning  to  use  before 
installing  the  SAF/ nt  server  package.  At  first  we 


Product:  Secure  Authentication 
Facility  for  NT 

Vendor:  The  National  Registry 

Tight  integration  with  Win- 
doius  NT,  in  combination  with 
support  for  multiple  biometric 
authentication  methods,  earns 
SAF/nt  our  World  Class  Award. 


were  a  bit  worried  about  getting 
locked  out  of  the  primary 
domain  controller  (PDC) ,  but 
NRI’s  support  folks  assured  us 
that  wouldn’t  happen.  Installing 
the  BSPs  in  advance  keeps  the 
SAF/nt  server  installer  from 
complaining  that  it  didn’t  find 
any.  If  you  plan  to  use  multiple 
BSPs,  you  should  install  them  all 
before  proceeding  to  install  the 
server  package. 

The  client  installation  came 
off  without  a  hitch.  However,  if 
you  should  ever  need  to  re¬ 
move  a  client,  SAF / nt  and  all 
the  other  products  we  re¬ 
viewed  uninstall  nicely  and 
return  the  machine  to  the  standard  NT  domain 
logon  GINA. 

For  a  primarily  NT  shop  that  wants  to  go  with 
biometric  authentication,  SAF/ nt  provides  a  level 
of  integration  with  NT  far  above  any  other  product 
reviewed  here.  If  most  of  the  machines  in  your 
company  have  sound  cards,  as  do  most  sold  in  the 
past  couple  of  years,  SAF/nt’s  voice  authentication 
can  be  an  inexpensive  biometric  option. 

Mytec’s  Touchstone:  Fingerprint  recognition 

Mytec  Technologies’  Biometric  Logon  for 
Windows  NT  is  a  software  add-on  that  replaces 
the  standard  NT  logon  with  biometric  verifica¬ 
tion  using  the  company’s  Touchstone  fingerprint 
reader.  Touchstone  uses  Mytec’s 
BioScrypt  technology,  which  takes 
the  image  of  a  fingerprint  and 
cryptographically  combines  it  with 
a  key  to  create  a  unique  identifier, 
called  a  BioScrypt  From  BioScrypt, 
the  fingerprint  image  cannot  be 
reverse-engineered.  Mytec’s  prod¬ 
uct  includes  fingerprint-reader 
hardware  and  software  and 
Mytec’s  Biometric  Logon  for 
Windows  NT  application. 

Enrolling  a  user  through  the 
BioScrypt  Manager  software  on 
the  client  is  straightforward.  A 
user  must  enter  a  user  name,  pass¬ 
word  and  domain.  He  is  then 
prompted  to  leave  four  finger¬ 
print  images  in  the  Touchstone 
unit.  For  an  additional  measure  of 


security,  you  can  make  users  enroll  while  they 
are  logged  on  under  a  domain  administrator’s 
account. 

Mytec  uses  a  sliding  technique  to  simplify 
image  capture.  Instead  of  having  a  user  try  to 
properly  center  his  fingers  every  time,  he  slides  a 
finger  across  a  glass  screen,  and  the  Touchstone 
unit  captures  the  image  when  it  is  properly  cen¬ 
tered.  It  takes  about  a  dozen  practice  runs  to  get 
the  slide  technique  down  pat. 

Day-to-day  use  of  Touchstone  is  easy.  To  log  on 
to  your  workstation,  you  enter  your  user  name 
and  press  Enter.  You  are  then  prompted  to  slide 
your  finger  across  the  Touchstone  reader.  The 
Mytec  GINA  loads  your  BioScrypt  into  the  Touch¬ 
stone.  All  the  comparison  work  is  done  in  the 
processor  of  the  Touchstone  unit  in  about  half  a 
second,  making  for  a  super-fast  logon  process. 

From  a  security  standpoint,  Touchstone  is  ter¬ 
rific.  You  can  configure  the  GINA  to  only  allow 
biometric  logons  if  you  are  protecting  a  certain 
workstation.  You  also  can  configure  the  GINA  to 
require  biometric  logons  for  enrolled  users  and 
allow  password  logons  for  unenrolled  users.  The 
product  writes  to  the  standard  NT  security  logs, 
so  if  you’ve  already  set  up  an  audit  process,  noth¬ 
ing  has  to  change. 

Installation  couldn’t  be  easier;  it  takes  only 
three  diskettes.  At  the  PDC,  we  selected  the 
BioScrypt  server  option,  which  creates  a  shared 
directory  for  BioScrypts.  By  default,  the 
BioScrypts’  shared  directory  is  set  to  be  world- 
readable  and  world-writable.  To  tighten  security, 


Groups 


Uset  Musi  Change  Password  al  f 
P  User  Cannot  Change  Password 
p\  Password  Never  Expires 
P  Account  Disabled 
P  Account  Locked  Out 

"..v  “•  '  -  .  ;  ■  i; 


Biometric  Information 


User  john 
Select  Biometric  Technology: 
I  SpeakerKey 


R  Biometric  Authentication  Required  at  Logon 


_ 

m 

I  15 

© 

s-*H 

c§k 

% 

%  I 

Groups 

|  Profile 

Hours 

Logon  To 

Account 

Didh 

Biometric  | 

t  Domain  Admins 


Designated  administrators  of  the  domain 


Figure  1:  SAF/nt  integrates  seamlessly  with  Windows  NT.  A  button  on  the  NT 
User  Properties  screen  lets  you  specify  which  biometric  security  scheme  to  use  and 
whether  to  force  biometric  logon. 
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SAF/nt  2.0 

The  National  Registry 
(813)  636-0099 
immu.sajlink.com 

hieing  starts  at  $149  per  ruorkstation  for 
SAF/nt  client  (includes  Finger  BSP) 
Additional  $39  per  workstation  for  ITT 
SpeakerKey  BSP 
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Touchstone  1.0 

Mytec  Technologies 
(416)  467-3330 
www.mytec.com 

Pricing  starts  at  $750  per  workstation 


TrueFace  Network  2.0 

Miros 

(781)  235-0330 
www.miros.com 

Pricing  starts  at  $99  per  workstation 


ACE/Server  with  SecuriD 

Security  Dynamics  Technologies 
(800)  732-8743 
www.  securid.  com 

Pricing  starts  at  $3, 950 for  a  25-user 
license.  Also  must  purchase  tokens  at 
$62  each 


PROS 


Best  integration  with  Windows  NT 
No  additional  hardware  needed 
if  vour  PC  has  a  sound  card 


Fast  and  reliable  authentication 


Integrates  well  with  NT 


Excellent  multiplatform  solution 


CONS 


▼  Using  any  other  biometric 
technology  requires  additional 
hardware  expense 


▼  Expensive 


▼  Very  sensitive  to  changes  in  lighting 

▼  Additional  expense  for  video 
capture  hardware 


▼  Not  very  well  integrated  with  NT 

▼  Expensive 

▼  Tokens  cost  extra 
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SAF/nt 


Touchstone 


TrueFace 

Network 


ACE/Server 
with  SecuriD 


NT  integration  (40%) 

10x.40-4.00 

7x.40-2.80 

8x.40-3.20 

5x.40-2.00 

Client  ease  of  use  (20%) 

9x.20-  1.80 

9x.20-1.80 

5  x. 20 -1.00 

7  x. 20 -1.40 

Time  to  authenticate  (10%) 

8x.10-0.80 

10x.10-1.00 

7x.10-0.70 

8x.10-0.80 

Server  installation  (10%) 

8x.10-0.80 

9x.10-0.90 

7x.10-0.70 

7  x. 10 -0.70 

Client  installation  (10%) 

9x.10-0.90 

9x.10-0.90 

7x.10-0.70 

8  x. 10 -0.80 

. . . 

- - - - ---r- 

- 

. ----- . 

--------- 

Documentation  (10%) 

9x.10-0.90 

9x.10-0.90 

3x.10-0.30 

9  x. 10 -0.90 

Total  score 

9.20 

8.30 

6.60 

6.60 

Individual  category  scores  are  based  on  a  scale  of  1  to  10.  Percentages  are  the  weight  given  each  category  in  determining  the 
total  score. 

we  recommend  you  give  write  access  to  domain 
administrators  only.  You  must  leave  it  world- 
readable  so  the  Biometric  Logon  client  can 
access  the  shared  directory  before  the  user  is 
logged  on. 

The  workstation  install  was  as  easy  as  it  was 
on  the  server  side.  The  installation  procedure 
installs  a  service  that  communicates  with  the 
Touchstone  device  and  the  Mytec  GINA. 

The  only  real  drawback  with  Touchstone  is  the 
high  price.  At  $750  per  workstation,  the  expense 
of  this  high-quality  biometric  product  may  prove 
prohibitive. 

Miros’  TrueFace:  Observe  caution 

If  capturing  fingerprints  seems  a  little  too 
much  like  law  enforcement,  you  can  also  look 
authentication  in  the  face.  Face-recognition 
products  use  a  digital  camera  to  validate  the  user 
in  front  of  the  screen.  However,  the  face-recogni¬ 
tion  product  we  tested,  TrueFace  Network  2.0 
from  Miros,  could  be  a  hassle  to  deploy  in  a 
large  corporate  environment.  TrueFace  has  a 
kludgy  user  interface  and  requires  a  lot  of 
administrative  effort  to  maintain. 

Security-wise,  our  main  objection  to  TrueFace  is 
its  use  of  thresholds  in  the  recognition  process. 
For  each  user,  you  can  set  a  threshold  ranging 
from  zero  to  10  to  specify  how  close  a  match  you 
want  the  product’s  neural  network  face-recogni¬ 
tion  engine  to  make.  You  also  set  a  default  thresh¬ 
old  for  all  new  users.  With  the  extra  administra¬ 
tive  process  of  adding  images  to  the  database  to 
compensate  for  different  lighting  conditions  and 
false  negatives,  we  can  easily  imagine  administra¬ 
tors  tweaking  the  threshold  downward  over  time 
to  compensate  for  the  additional  work. 

User  enrollment  is  simple,  though  it  must  be 
performed  at  a  workstation  logged  on  as  a 
domain  administrator  or  else  the  enrollment 
application  shuts  down 
access  to  the  video-cap¬ 
ture  device.  The  applica¬ 
tion  captures  at  least  a 
couple  of  pictures  of  users 
by  having  them  center 
their  faces  in  the  capture 
window  and  click  in  the 
image  window.  Miros  rec¬ 
ommends  keeping  about 
a  dozen  images  of  each 
user  on  the  server,  each 
with  different  lighting. 

The  more  images  avail¬ 
able  to  the  neural  net¬ 
work  engine  that  per¬ 
forms  the  face  recogni¬ 
tion,  the  less  chance  it 
will  toss  out  false  nega¬ 
tives,  which  means  it 
failed  to  recognize  an  authorized  user. 

From  an  end-user  perspective,  TrueFace  is  rea¬ 
sonably  easy  to  use,  but  not  very  intuitive.  To  log 
on  to  a  workstation,  users  need  to  enter  their 
user  names  and  domain  passwords,  then  press 
Enter.  A  video-capture  window  pops  up,  first  in 
the  top  left  corner  of  the  screen  and  then  in  the 
top  tight  comer.  There’s  no  “OK”  or  “Capture 
Image”  button  on  the  window  as  you  might 
expect;  users  must  figure  out  that  they  need  to 
click  in  the  capture  window  to  tell  the  applica¬ 
tion  to  take  their  pictures.  There  are  buttons  on 


the  window  to  adjust  the  color  settings,  but  they 
seem  to  work  only  sporadically. 

If  a  user  fails  to  authenticate  on  the  first  try,  a 
message  box  pops  up  to  tell  the  user  he  has  three 
more  attempts.  If  the  user  fails  all  attempts,  his 
account  is  locked  out  and  must  be  unlocked  by 
an  administrator. 

Authentication  time  can  be  an  issue  if  you 
don’t  have  a  really  beefy  server  on  the  back  end. 
All  the  image  processing  and  comparison  hap¬ 
pens  at  the  TrueFace  server.  Miros  recommends 
a  200-MHz  Pentium  Pro  with  96M  bytes  of  mem¬ 
ory  as  a  minimum.  With  the  recommended 
server  configuration,  authentication  time  should 
be  between  five  and  15  seconds  —  not  bad,  but 
not  as  fast  as  Mytec’s  Biometric  Logon  for 
Windows  NT.  On  our  underpowered  133-MHz 
Pentium,  True-Face  authentication  took  as  long 
as  60  seconds. 

The  TrueFace  Server 
Administrator  program 
requires  that  you  authen¬ 
ticate  your  own  face  to 
get  into  the  package. 
(Don’t  worry,  there’s  a 
default  administrative 
user  you  can  use  for  ini¬ 
tial  setup.)  Once  authen¬ 
ticated,  you  can  add, 
delete  and  edit  user 
records,  examine  the 
authentication  logs, 
including  the  images  cap¬ 
tured  (see  Figure  2),  and 
add  images  to  a  user’s 
profile. 

Fortunately,  in  Version 
2.0,  TrueFace  can  pull 
user  data  out  of  the  NT 
Security  Accounts  Manager,  saving  you  from  hav¬ 
ing  to  reenter  data  you  already  entered  when  you 
added  users  to  the  NT  domain.  You’ll  still  be 
adding  a  lot  of  images  to  user  profiles  while  you 
deploy  the  product;  until  you  get  the  right  mix  of 
images  for  the  neural  net,  you’ll  probably  have 
many  false  negatives  to  deal  with  and  many  frus¬ 
trated  users. 

The  biggest  factor  contributing  to  false  nega¬ 
tives  from  TrueFace  is  lighting.  It’s  best  to  have  a 
few  images  from  each  possible  lighting  condi¬ 
tion.  For  an  office  under  constant  artificial  light¬ 


ing,  this  shouldn’t  be  a  problem.  But  for  an 
office  with  a  window,  it  takes  some  work  to  get 
the  range  of  images  just  right. 

We  had  the  opportunity  to  test  the  effect  a 
change  in  hair  color  has  on  TrueFace.  One  of 
our  testers  lightened  his  hair  from  medium 
brown  to  light  blond  during  the  testing,  and 
TrueFace  handled  it  just  fine,  showing  that  the 
product  does  focus  solely  on  the  facial  features. 

TrueFace ’s  server  installation  went  fairly 
smoothly.  It  requires  that  Microsoft  SQL  Server 
6.5  be  installed  somewhere  on  your  network 
(not  necessarily  on  the  PDC) . 

While  the  initial  server  software  install  was  fairly 
uneventful,  we  stumbled  over  the  SQL  Server 
Open  Database  Connectivity  driver;  it  was  unable 
to  change  the  default  database.  However,  Miros 
has  clearly  noted  the  workaround  in  the  installa¬ 
tion  instructions.  After  you  get  the  TrueFace  serv¬ 
er  installed,  you  have  to  run  a  couple  of  SQL 
queries  to  set  up  its  database  in  SQL  Server. 

ACE/Server  with  SecuriD:  An  ACE  in  the  hole 

SecuriD  by  Security  Dynamics  Technologies  is  a 
token-based  authentication  product;  its  server-side 
software  component  is  ACE/Server.  In  order  to 
log  on  to  a  system  protected  by  SecuriD,  you  must 
enter  a  passcode  from  a  credit  card-size  token  in 
place  of  a  normal  password.  The  token  has  an 
LCD  display  that  produces  a  new  passcode  every 
60  seconds,  whether  or  not  the  user  needs  it. 

SecuriD  was  originally  designed  to  provide  two- 
factor  authentication  for  remote  network  access. 
Security  Dynamics  has  since  expanded  the 
SecuriD  product  line  to  provide  two-factor  auth¬ 
entication  on  Windows  NT,  Novell’s  NetWare, 
Netscape’s  server  products,  Microsoft  Internet 
Information  Server  and  all  major  Unix  platforms. 

We  like  SecuriD  for  a  large  multiplatform 
environment,  especially  considering  that  it  sup¬ 
ports  Remote  Authentication  Dial-In  User 
Service  for  authenticating  dial-up  users.  Security 
Dynamics  provides  a  facility  for  importing  user 
data,  so  if  you  can  export  it  out  of  your  NT 
domain,  you  can  save  yourself  the  extra  work.  If 
you  can’t,  you’ll  end  up  entering  user  data  twice. 

The  ACE/ Agent  client  is  easy  to  use.  If  users 
are  members  of  a  group  that  requires  authenti¬ 
cation,  they  are  prompted  to  enter  SecuriD  pass- 
codes  when  logging  on  to  domain  workstations. 

Security  Dynamics  has  done  a  decent  job  of 


Figure  2:  TrueFace’s  administration  program  lets  you 
examine  events  in  an  authentication  log  and  shows 
the  face  associated  luith  each  event. 
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porting  its  traditionally  Unix-based  ACE/Server  to 
Windows  NT,  but  the  administration  graphical 
user  interface  (GUI)  contains  a  lot  of  fields  that 
are  inappropriate  in  a  purely  Windows  shop. 
There  is  a  field  for  a  default  shell,  for  example, 
which  makes  sense  in  a  Unix  environment  but  is 
meaningless  to  Windows.  However,  if  you  are 
managing  a  multiplatform  environment,  keeping 
all  the  information  in  a  single  server  database 
could  save  you  some  hassle  and  secure  all  your 
computing  and  network  resources.  The  server 
database  runs  on  a  Progress  Software  RDBMS32 
run-time  engine,  and  the  administration  GUI  is  a 
Progress  4GL  application. 

You  definitely  want  to  read  the  manual  carefully 
before  you  start  installing  the  product,  including 
the  booklet-size  deployment  guide.  Two  things  to 
note:  You  need  to  install  the  server  software  onto 
an  NT  File  System  partition,  and  you  should  sync 
your  server’s  clock  to  a  Stratum  1  or  2  time  server 
before  installation.  Stratum  1  time  servers  get 


How  we  did  it 


We  installed  the  server  component  of  each  prod¬ 
uct  on  a  133-MHz  Pentium  with  80M  bytes  of  mem¬ 
ory  running  Windows  NT  Server  4.0  with  Service 
Pack  3.  Our  test  client  was  a  266-MHz  Pentium  II 
with  64M  bytes  of  memory.  We  tested  each  biomet¬ 
ric  product  for  false  positive  and  negative  results, 
and  evaluated  all  the  products’  installation,  end- 
user  interface  and  administrative  overhead. 

their  time  direcdy  from  atomic  clocks;  Stratum  2 
time  servers  get  their  time  from  Stratum  1  time 
servers.  SecurlD  cards  and  their  ACE/Servers 
must  be  time-synced  so  their  tokens  agree. 

The  server  installation  process  creates  four 
NT  groups  specifically  for  SecurlD,  two  for 
remote  logon  (via  Microsoft’s  Remote  Access) 
and  two  for  console  logon.  If  you  assign  a  user 


! 

to  one  of  these  groups,  the  ACE/Agent  will 
prompt  for  a  passcode  during  logon.  Unfor¬ 
tunately,  you  cannot  designate  existing  groups 
that  must  be  authenticated  in  place  of  one  of 
the  four  SecurlD  groups. 

Client  installation  is  simple.  You  install  the 
client  and  copy  a  configuration  file  from  your 
ACE/Server  to  the  workstation. 

Each  product  has  its  strengths  and  weak¬ 
nesses,  but  for  overall  integration  with  Win¬ 
dows  NT,  NRI’s  SAF/nt  wins  hands  down.  NRI 
has  done  an  excellent  job  of  bringing  strong 
authentication  directly  into  the  standard  NT 
domain  utilities.  SAF/ nt  also  has  the  advan¬ 
tage  of  being  able  to  provide  multiple  types  of 
biometric  logons,  something  none  of  the 
other  products  has  done. 

Duksta  is  a  systems  engineer  at  GTE  Internet¬ 
working  in  Waltham,  Mass.  He  can  be  reached  at 
j duksta  @ techie .  com. 


Identity  confirmed 

Token,  smart  card  and  biometric  authentication  schemes  are  gradually 
making  their  way  from  the  movies  to  the  mainstream. 


By  Frederick  M  .  A  v  o  l  i  o 


Ohe  tall,  slim,  tuxedo-clad  figure  moves 
i  purposefully.  He  approaches  a  console 
|  and  lays  his  hand  on  a  flat  glass  plate 
that  scans  the  geometry  of  his  hand  and 
checks  his  fingerprints.  “Identity  con¬ 
firmed,”  a  recorded  voice  says.  He  enters  an  eleva¬ 
tor  and  the  thin  red  line  of  a  laser  crosses  his  right 
eye,  scanning  the  retina.  “Identity  confirmed,”  the 
recorded  voice  states  again.  The  elevator  door 
opens  in  front  of  an  abyss.  While  taking  his  first 
step  into  what  appears  to  be  a  100-foot  drop,  our 
hero  says,  “Bond.  James  Bond,”  and  a  metallic 
walkway  flashes  into  place  as  the  recorded  voice 
says,  “Access  permitted  to  Agent  007.” 

The  hidden  walkway  is  a  bit  much,  but  this 


ISSUES 


AND  TRENDS 


television  commercial  for  Visa  and  the  movie 
“Tomorrow  Never  Dies”  isn’t  all  that  far  off  in 
terms  of  depicting  the  kinds  of  biometric  authen¬ 
tication  mechanisms  mainstream  businesses  are 
now  deploying  to  ensure  no  unscrupulous  types 
access  their  systems  and  networks. 

Authentication  is  the  process  by  which  users 
prove  they  are  who  they  claim  to  be.  For  this 
Buyer’s  Guide,  we’re  exploring  three  basic  types 
of  authentication  products:  tokens,  smart  cards 
and  biometric  devices. 

If  you  need  an  authentication  system  that 
works  with  firewalls  and  dial-in  servers,  tokens  or 
smart  cards  are  your  best  bets.  If  you  want  prod¬ 


ucts  that  lock  a  PC  unless  its  user  is  physically  sit¬ 
ting  in  front  of  it,  biometric  devices  are  a  good 
choice.  If  you  want  to  be  able  to  do  both,  plus 
control  access  to  network  and  application 
servers,  be  prepared  to  compromise  or  wait. 

Proving  your  presence 

Tokens  have  been  available  for  several  years. 
Priced  at  about  $50  to  $100  each,  the  products 
use  cryptography  and  passwords  or  personal  iden¬ 
tification  numbers  to  establish  identity.  Some  of 
the  first  tokens  include  Axent  Technologies’ 
Defender  Security  Server  and  Defender  Hand 
Held  Tokens;  Crypto  Card’s  CryptoAdmin  3.0 
and  Tokens;  and  Security  Dynamics’  SecurlD. 

Smart  cards  are  credit  card-size  devices  that 
work  in  much  the  same  way  as  tokens.  The  prod¬ 
ucts  cost  about  $100  each  and  typically  come  with 
a  smart  card  reader.  Smart  cards  rated  in  the  on¬ 
line  Buyer’s  Guide  chart  (www.nwfusion.com)  in¬ 
clude  ActivCard’s  ActivPack/ ActivCard  Gold, 
GemPlus’  GemSAFE  tokens  and  V-ONE’s 
SmartGate. 

Biometric  devices  use  personal  characteristics 
to  verify  a  user’s  identity.  These  characteristics 
can  include  face  recognition,  fingerprint  or  eye 
scans,  and  voice  identification.  Prices  for  biomet¬ 
ric  products  range  from  just  under  $100  to  several 
hundred  dollars  per  unit,  depending  on  the 
device  type  and  amount  purchased. 

Face  recognition  requires  a  digital  or  video 
camera.  Products  such  as  Miros’  TrueFace 
Network  and  Visionic’s  Facelt  identify  users  by 
having  them  mug  for  the  camera. 

Fingerprint-recognition  products  include 
American  Biometrics’  BioMouse  Plus,  Biometric 
Access’  SecureTouch  98,  Mytec  Technologies’ 


Touchstone  and  NEC’s  TouchPass. 

Although  eye  recognition  is  very  accurate,  few 
vendors  have  developed  products  that  use  the 
technology  to  provide  network  access.  IriScan  is 
expected  to  release  an  iris-recognition  system  for 
network  authentication  next  year.  Eye  recogni¬ 
tion  requires  a  specialized  camera  and  light. 

Voice  identification  uses  a  microphone  and 
sound  card,  both  of  which  come  as  standard 
equipment  on  most  PCs.  QVoice’s  Who  Is  It, 
T-Netix’s  VoicEntry  II  and  Vasco  Data  Security’s 
VACMan/Enterprise  Security  Suite  perform 
voice  recognition. 

Although  biometric  products  have  been 
around  for  several  years,  affordable  mid-  and  low- 
end  biometric  systems  are  relatively  new.  The 
market  is  in  its  infancy,  but  more  vendors  are  re¬ 
leasing  biometric  authentication  products  and 
usability  is  improving,  says  David  Harper,  program 
manager  of  the  International  Computer  Security 
Association’s  (ICSA)  Biometric  Consortium  in 
Carlisle,  Pa.  The  chief  benefit  of  biometric 
authentication  is  the  technology’s  convenience 
for  users.  For  ironclad  security,  look  for  a  prod¬ 
uct  that  links  biometrics  with  another  authenti¬ 
cation  method.  For  example,  American  Bio¬ 
metrics’  BioMouse  Plus  fingerprint  scanner  can 
be  used  in  conjunction  with  a  password  system. 

Integration  is  essential 

One  of  the  most  important  considerations  when 
choosing  an  authentication  product  is  integration. 
The  lack  of  standard  APIs  means  authentication 
products  often  will  work  with  one  network  operat¬ 
ing  system  or  firewall  but  not  another. 

Tokens  typically  integrate  with  more  products 
than  biometric  devices  because  the  cryptographic 
products  got  a  head  start  in  the  market.  However, 
numerous  biometric  API  standards  efforts  are  in 
the  works,  including  Biometrics  Application 
Program  Interface,  Human  Authentication  API 
and  Speaker  Verification  API. 

Be  patient  —  widespread  integration  of  strong 
authentication  devices  with  computer  and  net¬ 
work  systems  will  happen  in  a  few  years.  Con¬ 
sumer  demand  for  the  products  should  help  spur 
this  process,  as  will  certification  and  testing  pro¬ 
grams  in  organizations  such  as  the  Biometric 
Consortium  and  die  ICSA 
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As  you  evaluate  authentication  prod¬ 
ucts,  remember  that  one  size  doesn’t  fit 
all.  Tokens  or  smart  cards  might  suit  the 
road  warriors  in  your  company  who 
need  to  authenticate  themselves  from 
hotels  using  notebook  PCs,  whereas 
face  recognition  and  the  accompanying 


video  cameras  might  be  perfect  for 
desktop  users. 

Check  to  see  if  intruders  can  thwart 
the  authentication  device  by  rebooting 
the  PC  or  copying  a  datastream  from  a 
fingerprint  reader  to  a  server  and  later 
replaying  it. 


The  tokens  listed  in  the  online  chart 
will  give  you  little  cause  for  concern  — 
all  use  strong  cryptographic  methods 
and  very  random  numbers  to  make  a 
replay  attack  practically  impossible. 

However,  biometric  authentication  is 
somewhat  less  secure.  Biometric  prod- 
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As  the  technology  matures  to  a  point  of  mass  user  adoption, 
frame  relay  continues  its  explosive  growth  trend  in  1 998.  Frame 
relay  has  proven  it  can  deliver  the  increased  performance  and 
network  efficiencies  IT  managers  are  looking  for  while  at  the 
same  time  decreasing  their  overall  operations  costs.  In  addition, 
carriers  and  equipment  vendors  continue  to  deliver  the  enhanced 
services  and  capabilities  necessary  for  managers  to  address  today’s 
and  tomorrow’s  application  needs. 


Whether  you  are  a  network/telecom  planner,  manager,  designer 
or  administrator,  Frame  Relay  ’98  will  provide  you  with  the 
information  and  insight  necessary  to  understand  the  technology 
and  services  allowing  you  to  more  efficiently  and  effectively  deploy, 
expand,  manage,  and  guarantee  reliability  of  your  network.  And 
for  those  individuals  that  are  still  deciding  whether  to  incorporate 
frame  relay  in  their  network,  this  seminar  also  covers  the  basics  in 
enough  detail  to  help  you  make  a  decision  and  get  you  going. 
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JRjpit  with  seminar  sponsor  representatives  to  discuss  your  specific  needs 
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ucts  must  use  Data  Encryption  Standard 
or  Triple  DES  between  the  device  and 
the  server  to  protect  against  intrusion. 

By  asking  the  right  questions  and 
combining  different  authentication 
techniques,  you  can  obtain  network 
security  that’s  easy  for  users  to  operate 
and  difficult  for  potential  intruders  to 
thwart. 

Avolio  is  an  independent  security  consul¬ 
tant  in  Lisbon,  Md.  He  can  be  reached  at 
fred@avolio.  com. 


Get  more  online: 

Don’t  miss  our  down¬ 
loadable  Buyer’s  Guide 
chart  of  authentication 
packages  on  NetworkWorld  Fusion 
(www.nwfusion.com).  You’ll  also  find  an  inter¬ 
active  questionnaire  that  helps  you  choose  an 
authentication  package  based  on  the  criteria 
you  deem  most  important 

In  addition  to  products  we  tested  from  NRI, 
Mytec,  Miras  and  Security  Dynamics,  the  chart 
includes: 

•  ActivPack  with  ActivCard  Gold  from 
ActivCard. 

•  BioMouse  Pius  from  American  Biometric. 

•  Defender  Security  Server  and  Defender 
Hand  HeMlokensfromAXENrfechiiologes. 

•  SecureTouch  98  from  Biometric  Access. 

•  CRYPTQAdmin  3.0  and  Tokens  from 
CRYPIDCard. 

•  PrivateSafe  with  PrivateCard  and 
Crypto  Kit  from  Cyilnk. 

•  BIO-2  Screensaver  from  Design 
and  Education. 

•  U.  are  U.  Fingerprint  Recognition  System 
from  Digital  Persona. 

•  GemSAFE  from  Gemplus. 

•  TouchNet  for  Oracle  from  Identix. 

•  SafeNet/Smart-D  and  SafeNet/ 

Smart-P  from  Information  Resource 
Engineering. 

•  CflADEL  Gatekeeper  from  INIEUTRAK 
Technologies. 

•  SecureSurte/Sony  Fill  from  I/O 
Software. 

•  TraqNet  8000  SafeAccess  Server  from 
LeeMah  Data  com. 

•  TouchPass  from  NEC  Technologies. 

•  Who  Is  It  from  Q Voice. 

•  TrostMe/WatchWordll/WatchWbrd 
Smart  Token  from  Racal-Datacom. 

•  SACcat  from  SAC  Technologies. 

•  SafeWord/SafeWord  Platinum  from 
Secure  Computing. 

•  VoicEntry  II  fromT-Netix. 

•  VACMan/ Enterprise  Security 
Suite  from  VASCO  Data  Security 

•  Face  It  from  Vlsionics. 

•  SmartGate  from  V-One. 

In  addition,  you’ll  find: 

•  Research  from  The  Biometrics 
Consortium. 

•  The  ICSA’s  tutorial  on  biometrics. 

•  Resources  on  face  recognition  and 
fingerprint  identification. 
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Maitigement  Strategic 

Team  intranel 


IT  managers  say  building  a  diverse,  harmonious  construction  team  is  the  first  step  toward  a  rock-solid  intranet. 


o  More  resources  on  team  building 


ision.com 


By  Peggy  Watt 

Woo  goes  further,  protecting  a  project’s 
momentum  from  staff  departures  by  rotating 
the  programmers.  “One  Global  Village  work 
ethic  is  that  nobody  owns  applications,”  Woo 
says.  “I  move  people  around  applications  and 
projects,  weekly  or  even  more  often.” 

Consequently,  coders  are  diligent  about  mak¬ 
ing  program  notes.  “People  are  starting  to  real¬ 
ize  I’m  serious  about  this  team-building  busi¬ 
ness,”  Woo  says. 


Foote  also  endorses  nonmonetary  rewards, 
which  he  divides  into  categories.  There  are  the 
“showy”  ones,  such  as  naming  an  employee  of 
the  month  or  gifts  of  jewelry  emblazoned  with 
the  company  logo.  Others  are  “pampering,”  such 
as  tickets  to  sports  events,  gift  certificates  or  trav¬ 
el  vouchers.  Foote’s  third  category  is  most  tangi¬ 
ble,  what  he  calls  “useful”  rewards  such  as  time 
off,  stock,  a  plum  assignment  or  the  opportunity 
to  telecommute  or  take  special  training. 

Development  teams  at  Solectron  in  Milpitas, 
Calif.,  have  been  rewarded  by  going  en  masse 
to  courses  by  Microsoft.  The  benefits  are  three¬ 
fold,  says  Ken  Ouchi,  the  company’s  chief 
information  officer.  Team  members  feel  they 
are  on  the  leading  edge,  the  training  promotes 
team  synchronization  and  the  off-site  trip 
encourages  bonding. 

Programmers  are  solitary  types  who  should 
be  reminded  that  intranet-building  is  a  team 
project,  Woo  says.  “The  big  things  can’t  be 
done  by  one  person,  no  matter  how  big  the 
machine,”  he  adds. 

One  of  Woo’s  tricks  is  to  shun  cubicles  in 
favor  of  clustering  workers  at  shared  large 


tables,  at  which  they  are  more  likely  to  brain¬ 
storm.  Woo  finds  the  seating  arrangement  pro¬ 
motes  energy  and  collaboration. 

Similarly,  avoid  hierarchy,  suggests  Tom 
Herring,  senior  vice  president  and  general  man¬ 
ager  of  NuMega,  a  division  of  Compuware  in 
Nashua,  N.H.  “Empower  team  members  of  all 
experience  levels,”  he  advises. 

Although  forming  and  growing  a  team  is  an 
ongoing  process,  sometimes  a  team  can  spring 
forth  full-grown,  Foote  says.  He  recalls  an  IT 
manager  who  hired  an  entire  development 


team  from  a  company  going  out  of  business. 
The  new  employer  got  the  entire  construction 
crew  and  then  introduced  them  to  the  business 
strategists  in  the  new  neighborhood.  They 
teamed  up  to  design  and  build  the  next  expan¬ 
sion  to  their  new  town. 

Watt  is  a  senior  editor  with  Network  World ’s 
Intranet  Magazine.  She  can  be  reached  at  pzvatt @ 
mow.  com. 


Last  call  you  Proud  of  any  of  the 

-  network  projects  your  team  has 

accomplished?  Tell  us  about  your  network  triumphs 
so  we  can  give  you  and  your  team  the  recognition 
you  deserve.  Network  World’s  User  Excellence 
Awards  honor  the  innovative  and  effective  use  of 
network  technology  to  achieve  corporate  objectives. 
For  entry  details,  go  to  www.nwfusion.com/ 
medialounge.  But  hurry  -  the  entry  deadline  is 
Sept.  1,  1998. 


Building  an  intranet  is  somewhat  like 
founding  a  town.  The  population  is 
ready  and  probably  helping  frame 
some  of  the  structures.  But  becom¬ 
ing  a  community  is  the  real  chal¬ 
lenge  —  and  the  builders  must 
become  a  team  first  to  lead  the  way. 

Assembling  an  intranet  construc¬ 
tion  crew  often  is  trickier  than  pick¬ 
ing  a  team  for  traditional  IT  projects. 
That’s  because  intranet  team  members  usually 
are  much  more  diverse  than  IT  staff  alone. 

On  intranet  teams,  users  aren’t 
confined  to  their  usual  role  of 
interface  design  and  usability  test¬ 
ing.  They  are  often  intranet  con¬ 
tent  managers,  so  they  may  help 
with  application  design  and  mainte¬ 
nance.  Increasingly,  a  nontechnical 
person  participates  to  describe 
business  tasks  that  intranet  applica¬ 
tions  are  supposed  to  solve. 

Indeed,  the  most  successful 
intranets  result  from  pairing 
technological  solutions  with  busi¬ 
ness  and  information  manage¬ 
ment  issues,  and  planning  the 
process  with  representatives  of 
both,  says  David  Foote,  manag¬ 
ing  partner  at  Cromwell  Foote 
Partners,  LLC,  a  management 
consultancy  in  Stamford,  Conn. 

Melding  those  disparate  tal¬ 
ents  into  a  team  is  challenging,  but  variety  is  a 
strength,  according  to  some  who’ve  been  there. 
“The  first  [application]  idea  often  comes  from 
the  businessperson,  whom  I  put  with  the  tech¬ 
nologists  to  make  it  happen,”  says  Sherman 
Woo,  director  of  Global  Village  information 
tools  at  US  WEST  in  Denver.  He  considers  the 
intranet  team’s  mission  a  business  strategy,  not 
strictly  the  accomplishment  of  technical  tasks. 

Lofty  ideals  and  all,  some  nuts-and-bolts  sug¬ 
gestions  help  such  construction  crews.  For  exam¬ 
ple,  Foote  recommends  goals  and  rewards  — 
especially  milestone  rewards  during  a  long  pro¬ 
ject.  He  also  encourages  rewards,  particularly 
bonuses,  for  project  completion;  such  perks 
keep  the  staff  around  for  the  duration. 

If  you  offer  incentive  bonuses  for  projects, 
you’ve  got  to  spell  out  the  expected  milestones 
and  set  practices  for  fulfilling  the  goals,  Foote 
cautions. 
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BT  North  America  Inc.  (a  subsidiary  of  British  Telecommunications), 
is  one  company  which  is  uniquely  positioned  to  play  a  leading  role  as 
the  world  moves  toward  truly  global  communications.  BT’s  global 
telecommunications  network  is  among  the  most  complex...  and  most 
reliable...  in  the  world.  We  are  actively  seeking  foward  thinking  indi¬ 
viduals  who  are  excellent  team  players  as  we  gear  up  for  future  oppor¬ 
tunities  in  the  United  States  where  we  already  serve  many  of  the 
Fortune  400.  Positions  are  located  in  Chicago,  San  Francisco, 
Houston,  New  York  and  other  cities  nationwide. 

Account  Managers 

In  this  elite  position,  you’ll  lead  BTNA’s  drive  to  meet  customer  needs 
with  the  most  advanced  global  telecommunications  solutions.  You’ll  be 
the  customer’s  key  contact,  responsible  for  all  levels  of  their  organiza¬ 
tions  worldwide.  Using  your  strong  mix  of  sales  and  technical  presenta¬ 
tion  skills  along  with  knowledge  of  telecommunications  and  your 
clients’  business,  you’ll  compete  to  gain  preference  for  BTNA’s  world- 
class  solutions.  A  record  of  success  managing  complex  Fortune  500 
relationships  for  telecommunication,  computer,  or  Internet  services 
is  required. 

Senior  Sales  Engineers 

As  an  integral  part  of  the  sales  team,  you  will  be  involved  in  sales 
presentations,  preparation  of  cost  effective  network  specifications  and 
designs,  negotiations,  and  training  and  technical  support  of  sales  per¬ 
sonnel  where  appropriate.  Responsibilities  also  include  technical  coor¬ 
dination  of  installations  and  on-going  customer  support  and  satisfac¬ 
tion.  A  degree  in  a  technical  discipline,  knowledge  of  Public,  Private, 
and  Virtual  Voice  Networking,  Data  &  Digital  Transmission  systems, 
Statistical  and  Time  Division  Multiplexers,  signaling  systems,  Packet 
&  Frame  Relay  technologies,  and  PBX’s  are  required. 

Project  Managers 

You  are  key  to  the  quality  and  delivery  of  services  from  BTNA.  You 
will  work  with  third  party  suppliers,  BT  alliance  partners,  and  over¬ 
seas  carriers.  You  will  provide  the  overall  direction,  support  and  cus¬ 
tomer  contact  during  the  bid  phase,  negotiating  feasible  implementa¬ 
tion  dates,  plans,  and  customer  acceptance.  You  must  have  great  tech¬ 
nical  understanding  and  superb  customer  relations  skills,  and  experi¬ 
ence  in  the  telecommunications  field. 

BT  North  America  Inc.  offers  a  highly  attractive  compensation  and 
commission  package  plus  excellent  benefits.  Forward  your  resume, 
indicating  position  of  interest,  to:  EMAIL: 
btnajob@nynewyorkl.btna.com;  FAX: 

(212)  418-7834;  or  by  mail  to:  BT  North 
America,  Attn:  NW/824,  40  East  52nd  St., 

8th  Floor,  New  York,  NY  10022. 

EOE  M/F/D/V. 


WWW.BT.COM 


NETWORK  SYSTEMS  SUP¬ 
PORT  MANAGER.  Manage 
Network/Systems  Support 
Department  including  instal¬ 
lation,  Maintenance,  and 
monitoring  of  local  and  wide 
area  networks;  personal  com¬ 
puter  installation,  purchasing 
and  maintenance;  creation, 
generation,  and  distribution 
of  management  information 
and  reports.  Coordinate  and 
direct  activities  of  local  and 
wide  area  networking  to 
include  hardware  purchasing, 
installation,  mainframe  inter¬ 
face,  software  back-up, 
directory  inventory  and  main¬ 
tenance,  security  control  and 
training  support.  Provide  per¬ 
sonal  computer  support  to 
include  software  installation 
and  maintenance,  PC  train¬ 
ing,  PC/mainframe  interface 
PC  purchasing,  PC  inventory 
and  control,  and  PC  security. 
Coordinate  management 
information  reporting  to 
include  generation,  modifica¬ 
tion,  and  distribution  of  week¬ 
ly,  monthly,  quarterly, 
ongoing  reports;  special  one 
time  reports  and  mainframe 
downloading  of  information 
for  marketing  reports.  Man¬ 
age  the  department  to  include 
hiring  and  training  employ¬ 
ees,  plan  and  prepare  daily 
job  schedules;  conduct  perfor¬ 
mance  reviews  and  counsel¬ 
ing  sessions.  Must  have  proof 
of  legal  authority  to  work  in 
the  United  States.  Require¬ 
ments  are:  M.S.  in  a  comput¬ 
er-related  field  (Computer 
Science,  Computer  Engineer¬ 
ing,  Electrical  Engineering,  or 
Management  Information 
Systems).  40  hours/week,  8:00 
a.m.  to  5:00  p.m.;  overtime 
varies;  $55,566  per  year.  Con¬ 
tact  Office  of  Employment 
Security,  1991  Wooddale 
Boulevard,  Baton  Rouge, 
Louisiana  70806.  Job  Order 
Number  094855. 


1998  NETWORK  WORLD 
USER  EXCELLENCE 
AWARD  COMPETITION 


Each  year,  through  its  User  Excellence 
Award  competition,  Network  World  honors 
organizations  that  make  innovative  and 
effective  use  of  network  technology. 
We  are  now  accepting  entries  for  the  1998 
competition.  If  your  organization  or  one 
that  you  know  of,  has  completed  a  network 
project  that's  deserving  of  attention,  let  us 
know  about  it. 

For  more  information  and  to  submit  your 
entry  go  online  to  Network  World  Fusion . 
Entries  must  be  received  by 
September  1st. 


NetworkWorld 

http  ://www.nwfusion.  com 


Where  do  you  want  to 


FREE  ADMISSION! 
Meet,  network  &  interview 
with  the  Nation’s  Top 
Technical  Hiring  Managers! 


Come  to  any 
one  of  the 
Shows  &  WIN 
one  of  these! 


Palm  III 

C  iwkrt  Off  • . 


...Or  Win  a  5  Day 
High-Tech  Course  From 


wExecuTrain 


(at  the  NY  &  NJ  Events) 


IMew  York  City,  NY 
Wed.  Aug  26th 
Sheraton  l\l Y •  7th  Ave  &  53rd  St. 
Travel  Directions:  (212]  581-1000 

Stamford,  CT 
Thurs.  Sept  17th 
Westin  Stamford  •  1  Stamford  PI 
Travel  Directions:  (203]  967-2222 


Immediate  Face  to  Face  Interviowe  from  10am  to  6pm  with:  [at  one  or  more  of  above  the  eventsl 

Partial  list:  Microsoft  Corp.  •  AT&T  •  Canon  USA  •  Prudential  •  IBM  Corp.  •  Pricewaterhouse  Coopers  •  Sun  Microsystems  •  Fidelity  Investments  •  1 

PeopleSoft  •  Deloitte  &  Touche  Consulting  •  Citibank/Citicorp  •  Arthur  Andersen  •  Credit  Suisse  First  Boston  •  Macy's  East  •  Peppendge  Farm  •  KPMG  f 

•  Bellcore  •  The  Bank  of  New  York  •  Aetna/AUSHC  •  Warburg  Dillon  Read  •  UPS  •  Bloomberg  •  Comcast  Cellular  •  New  York  City  Transit  •  MBNA  •  r 
Keane  •  AT&T  Resource  Link  •  Port  Authority  of  NY  &  NJ  •  Robert  Half  International  •  Summit  Bank  •  LANcomp  •  IKON-Valinor  •  DMR  Consulting  Group  ) 

•  EDS  •  Reuters  Analytics  •  Peco  Energy  •  Prolifics  •  PRT  •  Yeshive  University  •  Yoh  Scientific  •  Aerotek  •  Computer  Horizons  Corp.  •  LaSalle  University  i 

•  Connecticut  State  University  •  BaaN  •  SUNY  Brooklyn  HSC  •  AE  Feldman  Assoc.  •  Ajilon  Svcs.  •  Beechwood  •  Chubb  Computer  Svcs.  •  Comdisco  •  L 
CTG  •  DeSai  Systems  •  DataZed  •  EDP  Contract  Svcs.  •  Entex  •  First  American  Credco  •  Grace  Technologies  •  Greenwich  Technology  Partners  •  1 1  C  •  I 
Howard  Systems  Int'l  •  JGI  •  HUON  Corp.  •  Ibase  Consulting  •  ICON  CMT  •  Interim  Technology  •  International  Network  Services  •  JDA  Software  Group 

•  Kenda  Systems  •  Kinderhook  Systems  •  Mentortech  •  MetaCorp  Strategies  •  Noblestar  •  Palarco  •  PCSI  •  Pep  Boys  •  Platinum  Technology  •  Spitz  •  I 
Raytheon  Engineers  •  Realtech  Systems  Corp.  •  Software  Corp.  of  America  •  Source  EDP/Source  Consulting  •  Staffworks  •  Structured  Logic  •  Synygy  •  i 
TelTech  •  SysNET  Consulting  Services  Corp.  •  Technotrac/Equate/Woods  Group  •  The  Matlen  Silver  Group  •  The  Systems  Group  •  The  Consortium  •  XRT  J 

•  Tiffany  Computer  Systems  •  Tiger  Info  Systems  •  Volt  Services  Group  •  Wave  Technologies  •  Winstar  Telecommunications  ind  many  more! _ I 

OPEN  POSITIONS:  All  Exp'd  Programmers  {Senior  Levels  desired).  Analysts.  Consultants.  Developers.  Software  Engrs.  Architects,  ft 

Financial  S.  Business  Systems  Analysts.  Year  2000  Programmers.  ALL  Sybase/Oracle/Lotus  Notes  DBA's  &  Administrators,  I 
Analysts/Modelers,  Coders.  R&D,  Telephony,  Wireless  Engrs,  Project  Mgrs  &  Leaders.  Sys  Admins.  CNE's.  Experts.  LAN/WAN.  I 
Netwk  Engrs,  ASIC  &  Power  Supply  Engrs.  Mainframe  P/As  &  Developers,  Hardware  Techs.  Software  Diagnostic  Engrs.  Designers.  I 
Integrators.  Operators,  Process  Re-Engrs,  Tech  Writers.  CAD.  Appl  Dev,  Internet  Svcs.  Ntwk  Security.  HTML.  MDF.  DataCom,  TAC.  1 
PC/MIS  Techs,  Tech  Support.  Tech.  Sales  &  Mkt  Reps.  Trainers,  Help  Desk.  E-Mail  Specialists,  Desktop  Publishing  Sys  Specialists. 
Java  Devs.  Project,  Client/  Implementation  Mangs.  Realtime  Dev.  Web  Masters/  Dev  Artists, Testers/ QA  mod  more. 

If  you  can't  attend,  mall  1  raauma  to:  TECHEXPO  NW.  175  5th  Ava,  Suita  8380  NY,  NY  10010 


For  Experienced  Computer  Professionals!  Bring  many  Resumes  &  Friends! 
Company  exhibit  space:  212-655-4505  •  Visit  us  at:  WWW. tech-expo. com 


Philadelphia,  PA 

Tues.  Aug  25th 

Pennsylvania  Convention  Center 
Travel  Directions:  (215)  418-4989 

Somerset,  NJ 
Wed.  Sept  2nd 
DoubleTrce  Hotel  •  200  Atrium  Dr. 
Travel  Directions:  (732)  469-2600 


Hartford,  CT 

Tues.  Sept  1st 

Sheraton  Hartford  *315  Trumbull 
Travel  Directions:  (860)  728-5151 

Boston,  MA 

Thurs.  Oct  22nd 
Boston  Park  Plaza  •  64  Arlington  St. 
Travel  Directions:  (860)  728-5151 
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The  Hub  of  the  Network  Buy  Marketplace# 


I  SNMPc  and  CiscoWorks  for  Windows  Users 

Ja//  Now  for  Special  Trade-up  Pricing 


http://www.castlerock.com 


Castle  Rack 

Computing 


Castle  Rock  Computing,  Inc. 
12930  Saratoga  Avenue 
Saratoga,  CA  95070 


Network  Manager 
for  Windows  NT 


•  Distributed  Architecture  Scalable 
to  25,000  Devices 

•  Multiple  Console  Logins 

•  Automatic  Baseline  Alarms 

•  View/Report  TopN  Statistics 

•  Scheduled  Printed  and  WEB  Reports 

•  Derived  MIB  Data,  Including 
Utilization  and  Volume 

•  RMON  and  Device  Specific  Applications 


Tel:  408 
Fax:  408 


#300  @  www.networkworld.com/lnfoxprest 


Remote  Trouble-Shoot  &  Reboot 


^  Dial-up  and  telnet  access  to  Remote  Sites 
%/  Select  Multiple  Console/AUX  Ports 
Reboot  power  on  selected  devices 


RACK  MODEM 


□ 


REMOTE 
ADMINISTRATOR 


CONSOLE  SWITCH 


HS232  CONSOLE  PORTS 

REBOOT  SWITCH 


ROUTER 

DSU/CSU 

MUX 

COMM. 
SERVER  ^ 


When  It  comes  to  remote  Site  Management,  no  one  offer s  more  choices  to  access 
multiple  console/AUX  ports  and/or  reboot  power  than  NetReach  products  from 
Western  Telematic,  We  offer  the  flexibility  you  need  to  mix  and  match  equipment  for 
small  or  large  remote  management  strategies.  NetReach  products  are  now  Installed  In 
thousands  of  network  sites  world  wide.  Our  customers  know  they  can  depend  on  our 
superior  quality  and  reliability  for  their  mission  critical  operations. 


m 


western 
telematic  inc. 


Console/AUX  Fbrt  Managers 

Remote  access  to  multiple  R5-232  Console/AUX  Ports 

•  TCP/IP  (telnet)  and  dial-up  (modem)  •  Continuous  off-line 
buffering  •  Password  Protected  •  Any-to-Any  Port  Matrix 
Switching  •  AC  or  -48>V  DC  power  options  •  Various  models 
from  4  to  64  ports 


Intelligent  Remote  Fbwer  Switches 

Reboot  “locked-up"  network  equipment 

•  AC  and  -46V  DC  versions  •  Password,  Site  ID.  Plug  Labels 

•  On/Off/Reboot  power  switching 


Rack  Mount  Modem 

dingle  modem  for  Dial-up  acces  to  console  ports 

•  AC  and  46V  DC  powered  •  36.6Kbps  V34+  •  Requires 
only  one  19"  rack  space 


(800)  854-7226  *  www.wti.com 


5  Sterling,  Irvine,  CA  92618-2517 
Facsimile:  (949)  583-9514 


#2 BO  O  www.networkwoHd.com/lnfoxnrati 


For  Free  Product  Info  •  www.notworkworld.com/lnfoxpress 
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$  995.00 


Web:  http://www.gnatbox.com 
Email:  gb-sales@gta.com 
Tel:  +1  -407-380-0220  Fax:  +1  -407-380-6080 


XK° 

x 

% 


The  Simple,  Powerful  &  Affordable 


•  Proven  Firewall  Technology 

•  Network  Address  Translation 

•  Unlimited  User  License 

•  High  Performance 

•  Transparent  Network  Access 

•  Easy  to  Configure  &  Use 

•  Remote  Web  Based  Management 

•  Minimal  Hardware  Requirements 

•  Ideal  for  Intranets 

•  Cost  Effective 


1 -800-775-4GTA 


#292  @  www.networkworld.com/infoxpress 


“Just  think,  Captain,  someday  we 
will  be  able  to  put  voice  and  data 
on  one  circuit.” 


“...And  what  kind  of  technology 
could  make  that  happen?”  . 


American 

TECHNOLOGY 


American  Technology’s  1 5 1 0  T I  /FT  I  CSU/DSUs 

with  Drop  &  Insert/  _  1% Start  at  only  $1 195! 


SNMP  Managed,  Affordable,  Reliable. 

Just  what  you’d  expect  from... 

For  More  Information: _ 

Phone:  800.223.9758  Fax:  406.777.55 1 2  info@atli.com  http://www.atli.com 
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L 


Negation 

Communications  Inc. 


International  +1(408)  530-1000 
E-mail:  sales@netnation.com 
Web  site:  www.netnation.com 

1 -800-81 5-01 18 


Using  35  T3  lines 

Reliability 

Redundant  power  management 
systems,  UPS  and  350  kW 
generator  backups,  manned 
7  x  24,  "floating"  floor,  special 
fire  protection,  air  conditioning, 
seismic  and  security  systems 

B1  You  Get; 

50  MB  disk  space, 

2  GB  traffic  /month, 
FrontPage™98  Server  Extensions 
Web  Site  management  Control 
Panel,  Web  Site  Statistics 

Optional  Features: 

CyberCash™,  Storefront™, 
Truespeech™,  SSL,  RealAudio™, 
[yf  RealVideo™,  JavaChat,  WebAlert 

j_  Domain-Name 

Uo 

GLOBAL  -  .com,  .net,  .org, 
and  COUNTRY  domains 

30  day 

money  back  guarantee! 

'  . ;  •’  kfei: 


Vf'iiSian  THAVTI 


-V  & 

NITWOMK  _  .  ~ 

solutions  CyberCash 


|prices  and  features  subject  to  change  without  notice.  All  trademarks  are  the  property  of  the  respective  owners| 
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So  Full  of  Features,  You  Won’t  Believe  the  Price 


OBSERVER 


Capture  and  Decode  Protocols 
Monitor  Bandwidth  Utilisation 
Grade  LAN  Efficiency 
Long-Term  Network  Trending 
Auto-discover  Network  Addresses 


$995. 


Ethernet,  Token  Ring  and  FDDI 
Windows  95/  98  and  NT 


aeaats 


Set  Triggers  and  Alarms 
Extensible  with  Probes 
Monitor  Network  Errors  by  Station 
Many  new  decodes  including  IPv6 


Multiple  Mode  Interface 
View  LAN  Errors  (Vital  Signs) 
Monitor  WEB  Servers 
Track  Router  traffic  in  real  time 
Full  32-bit  (95/98  e>  NT  4.x  Only) 
Filter  by  MAC  or  IP  address,  protocol,  or  offset 
View/  Chart  IP  and  IPX  usage  by  service 
Detect  duplicate  IP  addresses 


If  you  have  network  slowdowns,  would  you  cause  is  found,  solutions  and  action  plans 
know  if  they  are  due  to  overloaded  become  clear.  Start  seeing  what  you  have  been 

bandwidth,  broadcast  storms,  or  errors?  missing!  Call  800-526-791 9  for  a  FREE 
Observer  will  show  your  LAN  traffic  in  real  DEMO  or  download  from  our  web  site, 
time,  and  with  this  information,  help  you 
pinpoint  problems.  Once  the  source  and 

www.networkinstruments.com 

©  1998  Network  Instruments,  LLC  -  Corporate  Headquarters  (612)  932-9899  FAX  (612)  932-9545,  UK  and  Europe 
+44  (0)  1474  702427  FAX  +44  (0)  1474  707830  Internet:  info@networkinstruments.com  www.ncrworkinstruments.com 
Observer®,  Network  Instruments  and  the  “N”  logo  are  trademarks  of  Network  Instruments,  IJ-C  Minneapolis,  MN  USA 
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Fast,  Proven  and  Effective  i.T. 


oreFront  offers  the  fastest  and  easiest  way  to  provide  superior  training  for  Information 
Technology  (I.T.)  professionals.  Our  Self-Study  Courses  are  100%  computer-based 
training  (CBT)  on  CD-ROM  for  flexibility  unmatched  by  traditional  training  methods. 

f  Cisco  Certification.. .FAST! 

Ijrwr  The  Cisco  Self-Study  Course  from  CBT  Systems™  provides 
(it  t  »  0  training  for  the  installation  and  maintenance  of  Cisco 
routers.  This  course  fulfills  the  ICRC,  ITM 
and  ACRC  requirements  for  the  Cisco  Career  Certifications 
program.  Cisco  condeveloped  and  approved! 

MCSE  Certification... FAST! 

The  ForeFront  MCSE  Self-Study  Course™  fully 
prepares  I.T.  professionals  for  passing  the  MCSE 
exams.  Provides  the  knowledge  and  skills 
necessary  to  plan,  implement,  maintain 
and  support  information 
systems  using  Windows 
NT  and  other  Microsoft® 

Server  products. 


ForeFront 

CBT  Self-Study  Co"^ 


Call  Today  for  Special  Discount  Pricing! 

1-800-475-5831 

(813)724-8994  •  FAX  (813)  726-6922 


Copyright  ©  1998  CBT  Group,  PLC.  All  rights  reserved.  ForeFront  Direct,  Inc.  the  ForeFront  Direct  logo  and  ForeFront  Direct 

Self-Study  Course  are  trademarks  of  CBT  Group,  PLC.  All  other  trademarks  are  the  properties  of  their  respective  holders.  Printed  in  the  U.S.A. 


•  Provide  Valuable  Knowledge  and  Skills 

•  Boost  Work  Efficiency  and  Performance 

•  Self-Paced  Format  for  Flexible  Scheduling 

•  Interactive  Hands-on  Exercises 

•  One-on-One  Training  Consulting  Available 

CNE  Certification  ...FAST! 

The  ForeFront  CNE  Self-Study  Course™  provides 

fast,  effective  and  convenient  training  for  the  CNE 
exams.  Includes  the  knowledge  I.T.  professionals 
need  to  pass  the  exams  and  gain  the  skills  for 
maintaining  an  IntranetWare  network. 

A+  Certification...  FAST! 

The  ForeFront  A+  Certification  Self-Study  Course™ 

incorporates  all  the  technical  material,  knowledge  and 
interactive  exercises  needed  to  pass  the  A+  exams  and 
excel  in  today’s  dynamic  PC  repair  marketplace. 

Forefront 

DIRECT 

A  CBT  Group  Company 

25400  U.S.  Hwy.  19  N„  #285, 
Clearwater,  FL  33763 


NASDAQ: CBTSY 
GSA#  GS-02F-9379C 
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West  Hills  Networking  Solutions 


10/100  Network  Cards 


Gigabit  Network  Adapter . Call  for  Prices 

3COM  Fast  EtherLink  XL 

Auto-sensing  10/100  PCI  RJ45  network  adapter . 

(3C905-TX)  . Call  for  Prices 

INTEL  PRO/IOO  TX  PCI 

High  performance  10/100  32  bit,  RJ45,  adapter. 

(PILA8460)  . $60 


Cisco  10/100  Fast  Hub 

Dual  speed  auto-sensing  10/100  hub. 

12-Port  (112T) . $769  24-Port  (124T). 


$1,235 


D-LINK  10/100  Hubs 

16  and  24  10/100Base-TX  Dual  Speed  Unmanaged  Hub 
16-Port  (DFE-916X) . $616  24-Port  (DFE-2624X) . $970 


NBASE  MegaStack  100  -  Fast  Ethernet  Hub 

24  10/100  Port  autosensing  stackable  hub 
with  option  for  fiber  uplink  (NH1026) . 


$1,556 


Switches 


3COM  SuperStack  II  Switch  1100 

The  Switch  1100  provides  12-24  switched  Ethernet  ports  and  2 
10/100  ports.  (3C16950/1) . Call  for  Prices 


3COM  SuperStack  II  Switch  3300 

Switched  10/100Mbps  RJ45  ports 

12-port  (3C16981)  24-port  (3C16980) . Call  for  Prices 

BAY  NETWORKS  303/304  Switch 

12  and  24  lOBaseT  ports  and  one  100TX  port. 

12-Port  (AL2001E05) . $890  24-Port  (AL2001E04) . $1,120 

BAY  NETWORKS  BaySlack  350T/350T-HD 

16  and  24  10/100  auto-sensing  ports. 

16-Port  (AL2012E01)  24-Port  (AL2012E10)  24-port..  Call  for  Prices 
BAY  NETWORKS  Accelar  1250 


Cisco  Catalyst  1924 

24  port  lOBase-T  switch  with  2  100Base-TX  port. 


Cisco  Catalyst  2924 


0223 

il 


NBase  MegaSwitch  II  10/100/1000 

10/100  auto-sensing  switch  with  up  to  48-ports  and  2-slots  to  offer 
Fiber  up  to  IIOKm,  ATM,  and  Gigabit  Ethernet  --  All  in  one  box. 

(NH2048)  . $2,190 

Gigabit  Ethernet  Module  (NH2002/GE/M) . Call  for  Prices 

NBASE  MegaSwitch 

8-port  lOBase-T  and  2-port  10/100  (NH210)  . $780 


Remote  Access 


ADTRAN  T1/FT1 

TSU  LT  V.35,  CSU/DSU.  (1202060L1)  . $659 

ASCEND  Pipeline  85 

Pipeline  85  ISDN  Bridge  Router  with  2  Pots  and  4  RJ45  ports 
(P85-1BRI)  . $655 


$1,220 

ASCEND  Pipeline  130 

Pipeline  130  Router  ISDN  BRI,  Built-in  NTI,  IP/IPX 
(P130-UBRI-V35)  . 

. $1,285 

$1,128 

3Com/USR  Access  Concentrator  3000 

Supports  Full  T1  with  24  to  144  Modems  (001843-00) 

. $5,430 

$2,248 

CISCO  2501  Router 

1  Ether  port/2  serial  ports  (Cisco2501-CH)  . 

Call  for  Prices 

***C^>fo 


CISCO  2509  Router 

1  Ether  port/2  serial  ports/8  Asynchronous  ports. 
(Cisco2509-  CH) . 

Special  Pricing  for  ISP’s 


$2,129 


Transceivers 


100Base-TX  to  100Base-FX  Transceiver . Call  for  Prices 

lOBase-T  to  AUI/FL  Transceiver . Call  for  Prices 

BNC  to  RJ45  Transceiver . . Cali  for  Prices 


Call  for  Current  Pricing  on  Any  Manufacturer’s  Products 


1-800-FOR-LANS 

1-800-367-5267 

sales@west-hills.com 


m 


wetT  hill* 

LAM  lYITeMf 


7949  Woodley  Avenue,  Van  Nuys,  CA  91406 
Technical  Support:  818-773-8171 
V  Fax:  1-818-773-8932 


Visa/MasterCard/Discover/American  Express  •  Fast  Delivery  •  Most  Orders  Ship  The  Same  Day  •  Prices  Subject  To  Change  Without  Notice 


'  ■  •  r.ro  i 


For  Free  Product  Info  •  wv»fw.networkworld.com/infoxpress 


#297  @  www.networkworld.com/infoxpress 


Network  World  •  August  24, 1998  •  www.nwfuslou.com  •  45 


pie  Edit  jto  Log  Menage  £onflg  window  Help 
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sra™ 


['John  (Generic  5»MP|  liiuimTtEb 


SNMPc  •  SAMPLE2.N0D 


The  Hub  of  the  Network  Buy 


SNMPc 

Network  Manager  for  Windows 


Trend  Wsb* 


3/SynOptlcs 

Urtiwi 

a 


1*5  = 


a*co 


network 


RMON 


•  Full  RMON  Support 

•  Integrates  with  HP  OpenView 

•  TCP/IP,  Telnet,  TFTP,  BOOTP 

•  WinSNMP/WinSock/DDE  APIs 

•  SNMP,  ICMP,  IPX  Polling 

Castle  Rock 

Computing 


Node  Discovery 

Long  Term  Statistics/Thresholds 
Custom  Event  Actions/Forwarding 
Over  100  Device  Specific  GUIs 
MIB  Compiler/Browser 

408-366-6540 

Fax:  408-252-2379 


EBOOT  -and-  ACCESS 

. 

Remote  Networking  Equipment 
m.  With  ONE  DS-RPC 


Built-In 

Control 

Power 

Modem 

■ 

Port 

Access 

.v  ■ 

BB 

Control 

?H’tr  control  and  console  port  ac 
Menu  driven  device  selection 

#  Programmable  device  names 

*  Built-in  modem 

®  EIA-232  console  port for  onsite  access 
3  Reboot  all  or  indh’idual  equipment 
3  4-12  control  ports,  4  receptacles 


Hub 

Server 


ipiipp* 

■  ■ 


The  DS-RPC  is  not  just  another  code-activated  switch,  the  DS-RPC 
provides  a  menu  driven  Uuser  friendly”  interface  for  device  selection  and 
power  control.  Call  today  for  all  your  remote  site  management  needs. 

Contact  us  today  for  a  demo  of  the  DS-RPC 


BayTech 


Toll  Free:  800-523-2702  International:  228-467-8231 
Fax:  228-467-4551  WEB:  www.baytechdcd.com 
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HyNEX  HUNT  7100 


*  Guaranteed  End-to-End  Service  Level  Commitment 

*  Performance  Monitoring,  Policing,  Shaping  and  Billing  Tools 

*  Hot  Swappable  Interfaces  for  Media  /  Rate  Adaptation 

*  Fail  Safe  and  Fault  Tolerant  Power  System 

*  LAN  Network  Termination  Access  Nex,  Re|ease  with 

*  Supports  oa&m  Standards  Voice  Support! 


HyNEX  Switching  to  Affordable  ATM 


Tel:  +972-9-970-4110  •  Fax:  +972-9-970-4210  •  email:  info@hynex.com 
P.O.Box  286,  Shefayim  60990,  Israel  •  http://www.hynex.com 
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Do  you  offer  Training  or 
Educational  Services? 


Enku  today  to  find  out  how  to  place 
your  listing  in  our  NEW  “Training  Directory.” 

Call  800-622-1108  ext.  7465 


If  so,  call 


Network  Re 
CD-ROM  Servers 


Excel  custom  designs 
powerful,  expandable 
CD-ROM  Solutions  for 
Netware,  Windows  NT  and 
Unix  Systems  ranging  from 
7  to  256  CD-ROM  Drives. 


CD-ROM  Systems 

888-286-6201 


I 
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|  Microsoft] 


The  Hub  of  the  Network  Buys 


The  Leader 


cPCI  W 


Introduces  .  .  . 

WAN/c  575 

The  lowest  cost  dual  port  T1  adapter 
with  built-in  CSU/DSU  support 

OS  Support:  Windows  NT  •  DOS  •  Unix 
Protocols  Supported:  Frame  Relay  •  HDLC  •  PPP  •  X.25 


Transcender  delivers: 

•  Realistic  MCSE  &  MCSD  Questions 

•  Detailed  Answers 

•  Citations  to  Microsoft  References 

•  Predictive  Score  Reports 

•  Focus  Your  Study 

•  Pass  the  Real  Exam 

•  From  $129  -  $179 

•  Money  Back  If  You  Don’t  Pass  Guarantee* 


^  (Who  says  good  looks  never  go 


It  got  us  the  top  spot  in  the  reader’s  poll 


Well,  maybe  it  wasn't  our  good  looks,  maybe  it  was 
our  great  Microsoft'’  certification  exam  simula¬ 
tions.  Readers  of  MCP  Magazine  voted  Transcender 
exam  simulations  the  best  prep  out  there.  April 
and  the  rest  of  Transcender’s  top  notch  team  of 
exam  development  professionals  have  been 
designing  exam  simulations  longer  and  better  than 
anyone  else.  So,  what  are  you  waiting  on?  We  save 
you  time.  We  save  you  money.  Guaranteed* 
Check  us  out.  We’re  on  the  Web. 

Transcender® 

Corporation 


www.transcender.com 


To  order  call  April 


(6 IS)  726-8779  or  fax  (615)  726-8884  •  242  Louise  Ave.  Nashville, TN  37203 
*Call  or  visit  our  Web  site  for  details 

1 998  Transcender  Corp.  Ail  Rights  Reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation. 


VISIT  US  AT: 

ComNet  San  Francisco 
Sept  30  -  Oct  2 
Booth  #:  838 


VISIT  US  AT: 

NetWorld  +  Interop 
Oct  21-23 
Booth  #:  115 


SDL  Communications,  Inc. 

The  uplink  company 

Adapters  supporting  rates  from  56k  to  OC3 

For  more  information  on  SDL’s  wide  range  of  WAN  adapters,  contact  us  at: 

PHONE:  [508]  238-4490  FAX:  [508]  238-1053 
EMAIL:  sales@sdlcomm.com  WEBSITE:  http://www.sdlcomm.com 

" The  WAN  Interfaces  of  choice  for  Networking  Leaders" 

PICCMG^M  an(]  the  PICMG™  logo  are  trademarks  of  the  PCI  Indus  trial  Computers  Manufacturers  Group  all  other  logos  <£  trademarks  are 
property  of  their  respective  owners. 
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Compatible  Systems 

the  VIRTUAL  leader 


1.888.356.0283 


www.compatible.com/vpn_now/ 


"IntraPort™  cut  our  remote  access  costs  by  35%." 

Mark  Schmidt,  Heritage  Broadcasting 


Remote  salesperson  just  spent  3  hours 
transferring  sales  presentation  from  Detroit. 

Total  long-distance  charges:  $0. 


'  :  Vs* 


•Yv.-.Y 


It  used  to  be  that  salespeople  out  in  the  field  were  simply  out  in  the  cold  when  it  came  to  having  cheap,  easy 
access  to  centralized  data.  But  now,  thanks  to  IntraPort™  VPN  Access  Server  from  Compatible  Systems, 
you  can  get  secure  remote  access  at  a  fraction  of  the  traditional  cost. 

IntraPort  allows  you  to  create  a  Virtual  Private  Network  (VPN)  using  the  Internet  to  connect  remote  offices 
to  a  central  database.  For  Heritage  Broadcasting  Group,  owner  of  CBS  affiliates  in  Northern  Michigan,  that 
meant  remote  and  SOHO  salespeople  can  send  and  receive  data  without  long  distance  charges.Their 
phone  bills  went  from  an  average  $400  per  salesperson  to  just  under  $20! 

IntraPort  supports  IP  and  IPX,  increases  security  with  two  levels  of  encryption,  and  decreases 
network  administration.  Find  out  how  to  cut  your  remote  access  costs  immediately  and  register 
at  www.compatible.com/vpn_now/  to  receive  your  free  VPN  Handbook  subscription. 


s'.v  :r 
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Protocol  Reference  Guides 


Save  valuable  time  troubleshooting  your  internetwork  with 
these  Reference  Guides.  Each  laminated  guide  is  8  V2"  x 
11",  double-sided,  and  available  for  only  $5.95  each,  plus 
shipping.  The  following  titles  are  available: 


LANs 

Architectures 

WANs 

Net  Mgt 

Internets 

ATM 

•  AppleTalk 

•  DS1/DS3 

•  SNMPvl 

•  TCP/IP 

ATM  LAN  Emulation 

•  Banyan  VINES 

•  Frame  Relay  •  SNMPv2 

•  IPv6  (IPng) 

Ethernet/IEEE  802.3 

•  DECnet  Ph  IV 

•ISDN 

SNMPv3 

x^*  RIP 

FDD 1 

•  GOSIP  version  2 

•SMDS 

•RMON 

RSVP 

Token  Ring/IEEE  802.5 

•  Novell  NetWare 

•SONET 

•  RM0N2 

•OSPF 

LAN  Cabling 

•  The  Internet 

•X.25 

•  WAN  MIBs 

•  ISO  TP/CLNP 

Physical  Layer 

•  Internetworks 

•ADSL 

IPv6  MIB 

•  ISO  IS-IS 

Data  Communication 

•  Unix 

•PPP 

•HTML/ HTTP 

•  ISO  ES-IS 

^  DHCP 

BGP 

Call  Us  for  More  Information  and  a  Free  Catalog 


Hollister  Associates  •  P.O.  Box  575  •  Lyons,  CO  80540 
Tel:  (303)  682-2634  Fax:  (303)  682-2654 

http://www.HollisterAssociates.com  Email:  info@HollisterAssociates.com 

All  trademarks  are  the  sole  property  of  their  respective  companies. 
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NetworkWorld 


Inf  .  pre  s 


Online  Reader  Service 

NetworkWorld  InfoXpress  is  reader  service  at  its  best.  An  online 
service  designed  to  provide  you  with  a  quick  and  easy  way  to 
request  information,  NetworkWorld  InfoXpress  offers  readers: 

■  Easier  access  to  more  relevant 
information. 

■  24-hour  service. 

■  The  ability  to  search  for  information  by  reader  ser¬ 
vice  number,  advertiser  name  or  product  category. 

■  Flexibility  in  requesting  information  via  mail,  email, 
telephone,  fax  or  linking  to  the  advertiser  Web  page 

Try  it  today  at: 


www.networkworld.com/infoxpress 


For  Free  Product  Info  —  www.networkworld.com/infoxpress 


& 


- — \  Serve  up  to  80%  on  new/ used: 
NETFA5T.  ►  Routers  ►Switches  ►XDSL  ►TICSU/DSUs 
^ ^  ►ATM  ►  Fast  Ethernet  ►ISDN  ►Frame Relay 


Cisco  Systems 


WE  BUY  USED 


►  CISCO 

►  Ascend 


►  Lucent/Livingston 

►  3C0M/USRobotics 


►  Nortel/Bay  Networks  ►  ADC  Kentrox 

►  Larscom  ►Cabletron  ►Newbridge 


www.  digitalwarehouse.  com 

DIGITAL  WAMHOUSK 

Your  Information  Superhighway  Discount  Sources 


►  Paradyne 
■  Motorola 


►  Xyplex 

►  Adtran 

►  Digital  Link  ►  Fore 

►  Network  Assoc.  ►  IBM 


.Netfast  Communications  Inc.,  56-29  56th  Drive,  Maspeth,  NY  1 1378  USA 


Phone:  1-888-892-4726  or  718-894-7500  Fax:718-894-1573 
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CISCO,  BAYNETWORKS,  CABLETRON 


ASCEND 

iJ 

FORE 

f 

3COM 

i 

CHIFCOM 

Visit  Our  WEBSITE@www.bixlnt.com 

NY  Office/Sales:  Main  Office: 

Tel:  (315)  458-9606  /jft Tel:  (978)  667-4926 
M  Fax:(315)458-9493  Fax:(978)663-0607  gg 
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Data  Memory  Systems  iiTHl  /f 

Toll  Free  800-662-7466 

24  Hour  On-line  Shopping 

CABLETRON 

www.datamem.com 

Only  authorized  reseller  of 
CABLETRON  refurbished  equipment. 

Never  Undersold  on  Memory 

Govt., Commercial.  Education  P.O.s  w/  Prior  Approval 

HUBS: 

5  Port  lOBase-T  No  AC  Required  -  $49.00 

8  Port  lOBase-T  BNC  &  Cables  -  $89.00 

16  Port  lOBase-T  BNC  lOOv  -  $129.00 

32  Port  lOBase-T  Rack  Mount  -  $365.00 

16  Port  100Base-TX  w/cascading  cables  -  $699.00 

24  Port  100Base-TX  w/cascading  cable  -  $1099.00 
SwitchHub  2-Port  10/100  Fast  Ether  -  $295.00 
SwitchHub  IxIOOTX  /  IxIOOFX  8x10Base-T-  $1150.00 
FastSwitchHUB  (2)  10.100TX-(8)  lOBase-T  0$1 329.00 
CONNECTORS  &  ADAPTERS: 

TurboNet  ST  Din  8  LocalTalk  Connector  -  $8.95 

Lightning  1100  PCI  LAN  adapter  Mac  or  PC  -  $69.00 
EtherLAN  Tr/Combo  lOBAse-T  &  Thin  AAUI  -$37.00 
EtherLAN  PCI  Internal  10Mbps  for  Mac  or  PC  -  $49.00 
TV-to-PC  Scanners: 

FOCUS  TView  Gold.  WIN/DOS/MAC  TV  scan  con¬ 
verter  w/lnfrared  Remote  &full  underscan\..$329.00 

Complete  selection  of  networking  connec¬ 
tors,  hubs  and  TView  Scanner 
Accessories  CALL...! 

USED/REFURBISHED 
Cabletron  *3Com  •  SynOptics 
Compex  •  Cisco  •  and  more! 

888-663-3313 

Fax:  (603)  893-8666 

COMMUNICATIONS,  LI C 

BUY/SELL/TRADE 

e-mail:  vnetek@tiacnet  Web:  www.vnetek.com 

www.datamem.com 

Brand  names  ore  registered  trademarks 
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WIDE  AREA  NETWORK  HARDWARE 


MICOM 

ADTRAN 

KENTROX 

FIBERMUX 

MOTOROLA 

MIILT1TECH 


MODEMS 

CSU/DSI 

T1-CSU/DSU 

MULTIPLEXERS 


(818)  772-1591 


FAX  (818)  772-6854 
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Systems/Featuret/Memory 


Also  Available:  wellfleet,  Bay,  Fore. 
Xylogics,  Livingston,  &  Ascend 


in  Stock  •  Fast  Delivery  •  No  Expedite  Charges 

COMSTAR,  INC 

The  »1  Network  Remarketer 

612*835*5502 

Fax  612«835«1927  E-Mall:salesOcomstarlnc.com 
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■5^^  Bay  Networks  weufieerj 


SynOptics 


caBieTRon 

_ s  Ysrems 

The  Complete  Networking  Solution" 


Largest  Inventory  of  Refurbished  Bay  Networks  in  America! 

•  Bay  Networks  Trained  •  Proven  Track  Record 

•  Bay  Networks  Authorized  •  One  Year  Warranties 

•  Hundreds  of  pieces  in  stock  •  Design  and  Install  Services 

•  New  and  Used  Equipment  •  Technical  Support 

On-Sight  Router  Installation 
WE  REPAIR  ALL  BAY  NETWORKS! 


National  LAN  Exchange  888  89 1-4B  AY 

O  (4  2  2  9) 

1403  W.  820  N.  Provo,  UT  84601  FAX  801  377  0078  http://www.nle.com 

C.O.D.’s  •  VISA  •  Mastercard  •  Discover  •  Terms 
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Do  You  Offer 
Training  or 
Educational 
Services? 

If  so,  find  out 
about  our  NEW 
“Training 
Directory” 

LCall  Enku  at 
800  622  1108 
ext.  7465 


UN/WAN  •  BUY/SELL 
FULLY  WARRANTEED 
NEW/REFURBISHED 


MODEMS 
DSU/CSU'S 
MULTIPLEXERS 
T-1  EQUIPMENT 
HUB,  BRIDGES,  ROUTERS,  ETC. 


Fibermux  AT&T  Synoptics 


Cisco  Specialists 


Cabletron  Bay  Networks 

We  carry  all  manufacturers,  call  John,  ext.  101. 


http  ://www.adcs-inc.com 

PHONE 
800-783-8979 


FAX  (916) 
-6962 
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3  Com  HUBS 
&  SWITCHES 

SUPER  STACK  2  -  IOBASE-T  SWITCHES 

12  PORT-W/TX  3CI690IA  . 

24  PORT-W/TX3CI6900A 
12  PORT-W/2  10/100-320  MODEL 
12  PORT  PS40  HUB/SWITCH-3C 1 6405  .. 

24  PORT  PS40  HUB/SWITCH-3CI6406 

12  PORT  IOBASE-T  HUB-3C 16670 

SUPER  STACK  2  1 OOBASE-TX  SWITCHES  &  HUBS 

AUTO  10/100  12  PORT  3CI6942A 

SWITCH  3000  5  100BASE-FX- 1  TX 

12  PORT  100BASE-TX  HUB-3C250B-TX 

12  PORT  I  0/  I  00  BASE  HUB-3CI6590 

24  PORT  10/100  BASE  HUB-3CI6591 . 

OFFICE  CONNECT  SWITCHES  AND  HUBS 
SWITCH  I40-3C3CI6730  W/4  IOBASES-T  &  I  TX 
SWITCH  1 40M-3CI673 1  -SAME  AS  1 40  W/MNGMNT 
HUB  TP  I40-3C  16723  W4  100BASE-TX  PORTS 
TP  1 200-30672 1  W/I2  100BASE-TX  PORTS 
NETWORK  ADAPTERS 
3C905TX  10/100  PCI 
3C90OTPO  IOBT  PCI 
3C509B-TPO  IOBT  IS 
3C509B-COMBO  IOBT  ISA 
BAY  NETWORKS 
BAYSTACK 

101  12  PORT  IOBT 

102  24  PORT  I  OB 
1 50  24  PORT  IOBT  W/MNGMNT 
153  1 2  PORT  NO  NMM 
152  16  PORT  IOBT  I  COAX 
INTEL  NETWORKING 
12  PORT  10/100  HUB 
24  PORT  10/100  HUB 
8  PORT  100BASE-TX  HUB 
24  PORT  IOBASE-T  SWITCH 
8  PORT  10/100  SWITCH 


NEW  /  USED  3  COM  PAR 


SI  159 
..  SI599 
$699 
S439 
$799 
S295. 

$1449 
$5709 
$799 
SI  099 
SI  699. 

$649. 
$669 
S 198 
S525 


S 6099/ 1 00  PACK 
$  1 300/20  PACK 
S  4  099/ 1 00  PACK 
S 6900/ 1 00  PACK 


3C509-TP 
3CI667I 
306670 
30  6900 
BAY  3308  B 
BAY  5308  P 
BAY  3304-ST 
IBM  8228  MAU 
CISCO  CSMEC6 
3C6555B-0I6R 
CHIPCOM  5 1 02M-FBP 
CHIPCOM  5 1 08M-TP 
CABLETRON  TPMIM-24 
CABLETRON  MRXI 
NETWORTH  UTPM-S 
KALPANA  EPP2 1  I 


$40. 
$650. 
$250. 
$1400 
$650 
$2395 
$700 
$95. 
$1200 
$9000 
$550 
....$550. 
...  $795 
$200 
.  .  $600 
$250 


$529 
$899 
$  799. 
$4 1 9 
S319 

$979 
SI  569 
$329 
SI  509 
S2039 


MORE  INTEL  NETWORKING 

NETPORT  10/100  PRINT  SERVER  .  $239  EXTERNAL 

PRO  1 0/ 1 00  PQ  NIC  $  1 330/20  PACK 

PRO/ 10+ ISA . $840/20  PACK 

CISCO  NETWORKING 

FAST  HUB  I08T8  PORT  100BASE-TX . $779 

fAST  HUB  3 1 6T  16  PORT  I OOBASE-TX  $1139 
FAST  HUB  3I6C  15  I00B1X/I  FX  $1499 

CATALYST  1900  12  PORT  IOBT  SWITCH  W/TXUPL  $1229 
GAT/VYST  1 900  24  PORT  IOBT  SWITCH  W/TX  UP!  $1459 
MUCH,MUCH  MORE!!!  PLEASE  CALL! 

WWW 800-AKA-3COM  COM 
Prices  May  Vary  according  to  Quantity 


|  Quantity.  Reseller.  Government  &  Education.  Discounts  available  i 


[ESSa 


f 47  WEr'mAN  Ctl  |  |  PL/XINVIEW,  NY  1  J  \  1  1  HQ  3  | 
fpH  5  1  6-293-520(71  i  FAX  5  1  6-293-53251 


AUTHORIZED  PRODUCT 
&  SERVICE  CENTER 
WE  TEST  ALL  PARTS  ;  ‘ 
BEFORE  WE  SHIP  [ 
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Livingston  US  Robotics 

Ascend  ^  ®AY  Micom 


,tr  "x, 

+?  Specialist  in  all  ^ 
^  Cisco  products 
W  including  Memory 


p  LAN/WAN  Products 


q  New,  Used,  Lease,  . 

Rent  vocoder 


3Com 


Adtran  NO  a*"  Xylogics 
Motorola  Wellfleet 

We  carry  all  Manufacturers 


Millennium  Solutions  Group,  Inc. 


•Routers,  Bridges  •  Frame  Relay 
•DSU/CSU's  *Hubs,  Modems 

•Switches,  ATM  ‘Voice  over  Data 


We  Buy  and  Sell 

888-801-2001  Fax  (916)  797-9997 
Visit  our  Web  Site  at: 
http://www.millenniumsolutions.net 
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For  details  on  how 
to  put  your  ad  here 


Enku  Gubaie 
1-80Q-622-1108 


Clean  up  your  world. 


Built  to  order 
rack  mount  solutions . 

Redundant  Servers 
and  RAID  Subsystems. 

Cull  us,  we  do  the  dirty  /  work. 

800-480-4384 

Raekmaster  Systems,  Inc. 
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The  Hub  of  the  Network  Buy 


CrossTec’s  NetOp  School 

(800)  675-0729 
www.4ctc.com 

FREE  EVAL  -  Remote  Control,  Chat, 
Monitor  or  Demo  to  multiple  PCs 

NCR  Customer  Education 

(800)  845-2273 
www.ncr.com/trainus 

Cisco,  MCSE,  NT  &  Networking, 
Training 

Edutec  Training  Rooms 

Pine  Mountain  Group 

(212)  634-4288 

(800)  645-8486 

www.hertztec.com 

www.pmg.com 

Modem  rooms  for  LEASE  in  NYC 

Router,  server,  desktop,  NT 

15-20  wkstn  per,  T1  lines... 

Troubleshooting.  Multi-vendor. 

ForeFront  Direct 

Scholars.com 

(800)  475-5831 

(506)  457-1285 

www.ffg.com 

www.scholars.com 

Computer  based  training  for 

Online  mentoring  for  MCSE,  MCSD, 

the  I.T.  industry 

CNE,  Cisco,  and  General  IT  Free  evals! 

GeoTYain  Corp. 

Transcender  Corporation 

1-800-COURSES 

(615)  726-8779 

www.geotrain.com 

www.transcender.com 

Cisco-certified  Internetworking 

MCSE,  MCSD,  MCP  Exam 

classes  and  certifications-Now! 

Simulations 

Marcraft  International 

To  Place  Your 

(800)  441-6006  Ext.  25 

Listing  Here 

www.mic-inc/Aplus.com 

NEW  A+  Certification  Books,  CD  and 

Call  Enku  Gubaie 

over  950  test  questions  $165 

at  1-800-622-1108 

For  information  on  listing  your  service  here,  contact 
Enku  Gubaie  at  800-622-1108  x7465,  egubaie@nww.com 


CLEAN  UP 
YOUR  ACT! 

I  Network  Furniture! 

Factory  Direct  I 

By  Computer  Comforts 

LOOK: 

www.ComputerComforts.com 

CALL: 

281-488-2288 
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SOFTWARE  AT  WHOLESALE  $$$$$ 


MICROSOFT  NT-V4.0 

Office  Pro ‘97  SB  $158 

Office  Pro ‘97  $198 

NT  Server-5  Clients  $455 
NT  Server-10  Clients  $565 


NOVELL  - 
INTRANETWARE 

Intra-SB-  5  user  $395 
intra  SB- 10  user  $695 
Intra/4.1 1-5  user  $595 
Intra/4.1 1-10  user  $1295 


NT  Server-20  LicPac  $295 
NT  Workstation  $125 
Back  Office-SB-10  $985 
Back  Office-SB-25  $1385 


Intra/4.11-25  user  $1985 
Intra/4.11-50  user  $2995 
Intra/4.11-100  Call 
Intra/4.1 1  -250  Call 


Distributing: 

NOVELL  -  MICROSOFT  -  CISCO  -  3COM  NETWORKS  INTEL  Etc. 
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Novell  Groupwise  at  50%  Novell  Upgrades  at  60% 
Off  List  Call  for  Best  PrlceHl  Off  List  Call  for  Best  Price!!! 


ROUTERS  •  HUBS 
DSU/CSU  •  SWITCHES 
TERMINAL  SERVICES 


BUY/SEll/lEASE 


UVINGSfOi 


Overnight  Delivery:  fully  Guar  an  feed 


BAY  •  3COM  •  ADTRAN  •  KENTROX 


800-230-8638 


mm  Ph:  805-964-1314 
—  Fox:  805^64-5649 


www.networkhardware.smr. 


Network  Hardware  Resale  Inc. 

6445  lull  Km.  Sn.  B,  Sinn  Baits ,-jut,  CA  93117 
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J  Net  work  World 


TECHNICAL  SEMINARS 


Ii Network  World  Technical  Seminars 
are  one  and  two-day,  intensive  semi¬ 
nars  in  cities  nationwide  covering  the 
latest  networking  technologies.  All  of  our  seminars  are  also  available  for  customized 
on-site  training.  For  complete  and  immediate  information  on  our  current  seminar  offer¬ 
ings,  dial  our  instant  fax-back  service  at  800-756-9430  from  your  touch  tone  phone 
or  call  a  seminar  representative  at  800-643-4668. 


I  R  E  C  T  0  R  Y 


EE 


SERVICES 


NetDra||Ki 


Create  network  diagrams,  proposals  and  presentations  fast  and  easily 
with  Network  World's  NetDraw  and  NetDraw  Plus  software.  At  your  fin¬ 
gertips,  you  will  find  over  2,000  full  color  network  images,  many  the 
complete  likeness  of  your  network  equipment.  Now  it’s  easy  to  attach  text  files,  Word  documents,  other  programs,  or  even 
Web  hyperlinks  directly  to  images.  You  can  even  embed  your  finished  diagrams  directly  into  Microsoft  Office  documents.  Go 
to  www.netdraw.com  to  download  your  free,  30-day  trial  of  this  extremely  easy-to-use  product  today.  Call  800-643-4668  to 
order  a  copy  for  only  $149! 
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buy  now  or  wait  for  companies 
to  propose  new,  improved 
“IPSecond”  features. 

IPSec  defines  encryption, 
authentication  and  key  man¬ 
agement  routines  for  ensuring 
the  privacy,  integrity  and 
authenticity  of  data  as  it  tra¬ 
verses  public  IP  networks. 

At  its  core,  IPSec  is  intended 
to  let  users  identify  each  other 
over  a  network  by  swapping 
X.509  digital  certificates  — 
or  some  shared  secret  —  in 
order  to  set  up  an  encrypted  IP 
tunnel. 

“There  are  things  we  need  to 
change,  and  some  will  be  easy 
and  some  will  be  hard,”  says 
Bob  Moskowitz,  co-chair  of  the 


IETF  IP  Security  Work  Group. 
“Vendors  are  going  to  have  to 
make  changes  to  their  existing 
equipment.” 

According  to  Moskowitz, 
one  of  the  items  the  working 
group  will  look  to  accomplish 
is  the  addition  of  a  new  crypto¬ 
graphic  algorithm  to  IPSec. 
At  the  meeting,  IBM  will  pro¬ 
pose  adding  a  new  authentica¬ 
tion  algorithm  for  faster  data 
processing  in  the  Internet  Key 
Exchange  (IKE).  IKE  supports 
RSA  and  the  government’s 
Digital  Signature  Standard. 

Achieving  faster  processing 
becomes  important  when  a 
gateway  has  to  handle  1,000 
connections  at  a  time.  The  auto 
industry  expects  to  see  that 
level  of  traffic  when  using  IPSec 
for  security  in  the  Automotive 
Network  Exchange  (ANX), 
Moskowitz  notes. 

The  ANX  is  billed  as 
the  world’s  largest 
industrywide  extranet; 
it  is  likely  to  link  thou¬ 
sands  of  vendors  and 
customers. 

The  harder  IPSec 
change  will  be  stan¬ 
dardizing  on  an  IPSec 
remote  client.  The  goal 
of  the  IETF  meeting  is 
to  define  a  client  that 
can  support  IP  address 
changes  automatically, 
Moskowitz  notes. 

“If  the  user  is  dialing 
in  and  the  ISP  assigns 


What’s  next  for  IPSec? 


How  the  IP  Security  Protocol  suite  is 

expected  to  evolve: 

o  An  improved  IPSec  client  will  use 
standardized  dynamic  IP  addressing. 

O  Support  for  additional  cryptographic 
algorithms,  including  RIPEM-160,  which 
Europeans  want,  and  a  new  authenti¬ 
cation  algorithm  from  IBM  touted  as 
more  processing-efficient  than  RSA  or 
the  Digital  Signature  Algorithm. 

o  Corrections  in  the  way  cryptographic 
keys  are  exchanged  via  the  Internet  Key 
Exchange  protocol. 


A  busy  week  at  the  IETF 

The  Internet  Engineering  Task  Force  (IETF)  next 

week  will  tackle  a  number  of  burning  issues,  includ¬ 
ing  how  to  boost  IP  quality  of  service  and  Internet 
security.  Specifically: 

•  The  Differentiated  Services  (Diff-Serv)  working 
group  is  expected  to  send  its  Header  Document  to  the 
IETF’s  Internet  Engineering  Steering  Group  (IESG)  for 
final  ratification.  Diff-Serv  defines  IP  classes  of  service 
(CoS)  using  the  type  of  service  (ToS)  field  in  the  header 
of  an  IP  packet.  The  Header  Document  describes  the  way 
the  ToS  field  should  be  used  to  ensure  backward  compati¬ 
bility  with  other  CoS  technologies. 

•  The  Diff-Serv  folks  also  expect  to  discuss  new  per- 
hop-behavior  (PHB)  settings.  PHBs  define  packets  as  they 
travel  over  the  Internet.  Two  PHBs  will  be  discussed  this 
week:  expedited  forwarding  and  assured  forwarding. 
Expedited  forwarding  will  support  high-priority,  guaran¬ 
teed  IP  traffic.  Assured  forwarding  is  expected  to  support 
both  high-  and  low-priority  traffic. 

•  The  Open  PGP  working  group  hopes  to  submit  the 
final  draft  of  Open  PGP,  a  mail-  and  file-encryption  pro¬ 
gram.  This  draft  essentially  is  a  public  domain  version  of 
Pretty  Good  Privacy  5.0.  The  IESG  will  decide  if  Open 
PGP  can  move  forward  as  an  IETF  RFC  standard. 

—  Denise  Pappalardo  and  Ellen  Messmer 


an  IP  address,  the 
IPSec  gateway  will 
need  to  know  how 
to  let  randomly 
assigned  addresses 
within  this  tunnel,” 

Moskowitz  says. 

The  IPSec  work¬ 
ing  group  wants  to 
define  a  way  to  estab¬ 
lish  an  encrypted  ses¬ 
sion,  in  which  the 
gateway  will  be  able 
to  assign  an  IP  address  to  con¬ 
trol  where  the  remote  user  is 
allowed  to  go  inside  the  in¬ 
tranet.  This  will  mean  having  to 
change  how  the  IPSec  server 
now  works. 


Unfortunately, 
the  IPSec  working 
group  is  not  in 
accord  with  anoth¬ 
er  IETF  group, 
called  the  IP 
Mobile  working 
group,  on  exactly 
how  this  should  be 
done.  Another  dif¬ 
ficult  item  on  this 
week’s  agenda  will 
be  redefining  the 
core  IKE  protocol.  Security 
experts  recently  uncovered  a 
flaw  related  to  the  improper 
exposure  of  information, 
Moskowitz  says. 

And  IKE,  as  it  now  exists, 


handles  time-expiration  of  ses¬ 
sion  keys  in  a  way  that  could 
cause  one  gateway  not  to 
understand  another. 

In  addition,  when  two  IPSec 
servers  fail  to  establish  an 
encrypted  session  with  each 
other,  they  can’t  exchange 
details  on  why  the  session 
failed. 

The  IPSec  working  group 
wants  to  remedy  that  oversight 
before  the  IPSec  standard  gets 
too  far  along. 

Without  a  uniform  IKE, 
there  will  be  no  IPSec  interop¬ 
erability  unless  users  are  will¬ 
ing  to  manually  exchange  keys 
—  an  impractical  notion.  R 


Moskowitz  is  driving 
many  of  the  changes. 


B.J.  SAYS: 

Compaq  Computer’s  B.J.  Johnson 
speaks  out. 

On  policy-based  management 
and  QoS: 

“ What  we  have  for  tools 
now  is  rudimentary.  But 
it’s  obvious  that  QoS 
is  going  to  be  an  area 
that  grows  because  it  has 
so  much  value  to  our  cus¬ 
tomers.  Frankly,  I  don’t  see 
anybody  out  there  who  is 
ahead  of  us.” 

On  Compaq  buying  Cabletron: 
“It’s  not  accurate  that 
there  is  any  thought  of  an 
acquisition  or  anything 
like  that.  There’s  nothing 
going  on.  ” 


On  DSL  technology: 

“The  real  deal 
around  UADSL  is 
getting  accepted 
by  the  consumer. 
Once  you  get  the 
[residential]  volume, 
you  can  see  what 
you  need  for  the 
corporate  customer.  ” 


Compaq 

Continued  from  page  1 

Johnson,  vice  president  of 
Compaq’s  networks  and  access 
communications  division. 

Compaq  also  has  remote 
access  stars  in  its  eyes  and  plans 
to  develop  higher  end  Windows 
NT  products  in  this  area, 
Johnson  says. 

While  shy  about  specifics  dur¬ 
ing  an  interview  with  Network 
World,  Johnson  says  Compaq  has 
a  chance  to  surge  ahead  in  QoS, 
an  area  related  to  policy-based 
network  management.  They 
both  give  designated  users  or 
applications  better  network  per¬ 
formance,  he  says. 

“What  we  have  now  for  man¬ 
agement  tools  is  rudimentary. 
But  it’s  obvious  that  QoS  is 
going  to  be  an  area  that  grows 
because  it  has  so  much  value  to 
our  customers.  Frankly,  I  don’t 
see  anybody  out  there  who  is 
ahead  of  us,”  Johnson  says. 

With  a  strong  hold  on 
installed  servers  and  desktops, 
and  alliances  with  software  ven¬ 
dors,  he  sees  Compaq  in  a 
unique  position  to  establish  pri¬ 
ority  schemes  that  incorporate 
QoS  across  Ethernet.  Johnson 
says  Compaq  will  look  at  how  to 
carry  LAN  QoS  across  the  WAN. 

Johnson  is  also  developing 
plans  for  the  future  of 
Compaq’s  remote  access  gear. 
While  continuing  to  push  the 
Compaq  Microcom  6000  con¬ 
centrator,  the  company  will 
boost  its  development  of  servers 
that  exploit  Windows  NT 
Remote  Access  Services  (RAS). 

The  RAS  servers  will  be  able 
to  handle  more  remote  users 
than  current  low-end  Compaq 
remote  access  servers,  and  will 
rely  on  high-density  56K  bit/sec 
dial-up  digital  modem  cards 
bought  from  modem  special¬ 
ists.  The  servers  could  also  sup¬ 


port  multiple  T-l  connections, 
Johnson  says. 

Carbon  Copy,  Microcom ’s 
software  that  makes  remote 
access  transactions  more  effi¬ 
cient,  will  likely  be  added  to  the 
new  NT  servers,  Johnson  says. 

Compaq  will  also  be  looking 
to  add  features  that  support  vir¬ 
tual  private  networks,  includ¬ 
ing  firewalls  and  Internet  tun¬ 
neling.  “There  are  all  kinds  of 
things  you  can  build  on  top  of 
an  NT  server  that  we  are  look¬ 
ing  at,”  Johnson  says. 

Johnson  expects  the  price  of 
such  boxes  to  come  down  as 
prices  of  processors  and 
modem  cards  drop  and  new 
features  such  as  Layer  2 
Tunneling  Protocol  are  added 
to  NT.  “The  costs  have  to  come 
down,”  Johnson  says. 

He  says  residential  cus¬ 
tomers,  not  businesses,  will  lead 


the  way  to  establish  high-band¬ 
width  digital  subscriber  line 
(DSL)  technology.  The  accep¬ 
tance  of  DSL  will  be  driven  by 
the  consumer  version  that  is 
being  developed  under  the 
name  of  Universal  asymmetric 
DSL  (UADSL).  Compaq  is  a  key 
corporate  backer  of  a  UADSL 
standard  also  backed  by 
Microsoft  and  the  regional  Bell 
operating  companies. 

When  consumer  UADSL 
demand  is  high,  Compaq  will 
look  at  what  gear  corporations 
need  to  support  such  broad¬ 
band  remote  access  networks, 
Johnson  says.  That  gear  could 
include  servers  with  high-band- 
width  interfaces  to  link  corpo¬ 
rate  sites  to  the  Internet.  81 
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Catalyst  switches.  Cisco  runs 
token-ring  data  through  these 
modules  by  tagging  token-ring 
frames  with  its  InterSwitch  Link 
(ISL)  virtual  LAN  (VLAN) 
trunking  protocol.  ISL  runs  on 
Fast  Ethernet  and  Gigabit 
Ethernet  backbones  and  identi¬ 
fies  the  VLAN  to  which  particu¬ 
lar  traffic  belongs. 

The  demonstration  was  in¬ 
tended  to  show  users  how  they 
can  gradually  migrate  from 
token  ring  to  Ethernet  using 
the  latest  high-speed  tech¬ 
nology  —  Gigabit  Ethernet. 

“The  purpose  ...  is  to  permit 


the  Gigabit  token-ring  customer 
to  migrate  from  token  ring  to 
Ethernet  in  an  orderly  fashion,” 
says  John  Marsland,  a  Cisco 
token-ring  product 
manager.  Running 
token-ring  data  over 
Gigabit  Ethernet  will 
ostensibly  also  en¬ 
able  token-ring  users 
to  support  band¬ 
width-intensive  mul¬ 
timedia  applications 
that  can  only  be  run 
over  1G  bit/sec 
links.  And  when  they 
migrate  to  Gigabit 
Ethernet,  they  won’t  have  to 
swap  switches. 

In  the  demonstration,  Cisco 
ran  token-ring  frames  through  a 


three-port  Gigabit  Ethernet 
switch  and  a  two-port  Gigabit 
Ethernet  Supervisor  III  manage¬ 
ment  module  on  the  Catalyst 
5500.  By  tagging 
token-ring  packets 
with  ISL,  Cisco  can 
support  Ethernet 
and  token-ring 
frames  over  Fast 
Ethernet  and  Giga¬ 
bit  Ethernet  back¬ 
bones.  Cisco  can 
also  support  multi¬ 
ple,  media-indepen¬ 
dent  VLANs  over 
those  same  back¬ 
bones,  Marsland  claims. 

ISL  tagging  does  not  violate 
standard  token-ring  frame  sizes 
of  18,000  bytes,  Marsland  says, 


so  no  special  segmentation  and 
reassembly  hardware  is 
required.  “We  do  nothing  but 
transport.  It  doesn’t  change  the 
size  of  the  token-ring  frame  at 
all,”  he  says. 

ISL  tagging  is  the  same  tech¬ 
nique  Cisco  uses  to  boost  token¬ 
ring  speeds  to  100M  bit/ sec. 

But  while  many  vendors, 
including  IBM,  Olicom  and 
Madge  Networks,  are  working 
diligently  on  100M  bit/sec 
token-ring  products,  Cisco  may 
be  the  first  to  show  1G  bit/sec 
token-ring  gear  (see  related 
story,  page  1).  “No  one  else  is 
doing  it,”  Marsland  says. 

That  may  be  because  others 
are  working  on  native,  IEEE 
802.5-compliant  100M  bit/sec 


and  1G  bit/sec  token-ring  offer¬ 
ings  while  Cisco  is  mapping  it  to 
Fast  and  Gigabit  Ethernet 

Indeed,  Cisco  backed  out  of 
the  High-Speed  Token  Ring 
Alliance  (HSTRA)  earlier  this 
year,  citing  litde  to  no  market 
demand  for  the  technology 
( NW,  April  6,  page  1). 

Then  why  pursue  Gigabit 
token  ring?  To  further  under¬ 
score  its  strategy  of  gradually 
migrating  users  to  Ethernet, 
Cisco  must  support  token-ring 
capabilities  on  the  latest 
Ethernet  technology. 

“HSTR  will  lock  you  in” 
to  token-ring  technology,  Mars¬ 
land  says.  But  ISL  could  lock 
users  into  Cisco  equipment, 
others  say. 


Cisco’s  Marsland 
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the  conversion.  Because  part 
of  his  job  is  to  maintain  a  24-7 
database  with  research  infor¬ 
mation  for  all  of  UCLA 
through  the  Internet,  it  wasn’t 
an  inviting  prospect.  “Before  I 
was  thinking  ‘Just  upgrade  the 
whole  network  to  Ethernet,’ 
but  with  the  cost  of  the  cards 
and  everything,  it’s  not  cost- 
effective  to  do  that,”  he  says. 

When  Olicom  asked  him  to 
beta  test  its  first  100M  bit/ sec 
token-ring  technology,  Chui 
says  he  jumped  at  the  chance. 

Chui  put  Olicom’s  100M 
bit/ sec  token-ring  network 
interface  card  (NIC)  into  his 
NT  SQL  server  and  hooked  it 
up  to  Olicom’s  HSTR  uplink 
module  in  its  8600  CrossFire 
token-ring  switch. 

While  he  saw  an  increase  in 
speed,  he  says  he  won’t  get  the 


full  benefits  of  HSTR  until 
he  gets  HSTR  NICs  for  the 
desktop.  Those  are  expected  to 
arrive  in  the  first  quarter  of 
1999,  and  he  plans  to  deploy 
them  then. 

What  he  is  getting  right  now 
is  the  assurance  that  he  can 
keep  his  token-ring  network 
for  at  least  a  few  more  years, 
and  he  thinks  other  people  will 
feel  the  same  way. 

“HSTR  products  can  help  a 
lot  of  people  that  already  have 
the  token  ring,”  Chui  says.  “For 
now,  there’s  not  enough  good 
things  to  convince  me  to  go  to 
Fast  Ethernet.” 

With  Olicom  set  to  ship  the 
industry’s  first  HSTR  products 
next  week,  users  are  indeed 
getting  more  confident  they 
will  be  able  to  hang  onto  their 
token-ring  networks  for  a  few 
years  —  and  maybe  longer 
than  that. 

Olicom’s  100M  bit/sec 
server  NIC  and  a  two-port  100M 


bit/sec  uplink  module  for  the 
company’s  CrossFire  8600 
switch  will  beat  IBM  and  other 
token-ring  vendors  to  market 
by  two  to  three  months, 

Olicom  estimates.  IBM 
disputes  that  notion 
(see  sidebar).  By  the 
first  quarter  of  1999, 
Olicom  plans  to  ship 
autosensing  4/16/1 00M 
bit/sec  desktop  NICs 
and  16-port  and  32-port 
HSTR  switches. 

By  getting  to  market 
first,  Olicom  is  hoping 
to  pick  off  other  ven¬ 
dors’  users  who  are 
frustrated  with  16M 
bit/ sec  token  ring  but 
who  don’t  want  or  can’t 
afford  to  go  to 
Ethernet. 

And  Olicom  is  beginning  to 
do  just  that.  The  company  has 
been  able  to  win  over  David 
Soper,  vice  president  of  net¬ 
work  services  at  BancorpSouth, 


a  regional  bank  in  Tupelo, 
Miss.  BancorpSouth  also  serves 
as  a  holding  company  for 
Volunteer  Bank  in  Tennessee 


and  has  announced  acquisi¬ 
tions  of  several  other  banks  in 
Alabama. 

Soper  says  his  network, 
which  has  more  than  2,000 
nodes  and  a  WAN  spanning 
three  states,  is  about  90%  IBM, 
with  about  5%  Cabletron  and 
an  equal  amount  of  Olicom 
equipment.  Right  now,  he’s 
beta  testing  an  Olicom  100M 
bit/sec  HSTR  server  NIC  and 
CrossFire  8600  switch.  So  far, 
he  says  he’s  impressed. 

“We’ve  seen  stuff  go  across, 
and  we’ve  been  watching  it 
very  closely,  and  we  think  we 
can  even  hear  it,”  because  it’s 
so  fast,  he  jokes.  He  plans  to 
beta  test  it  until  Olicom  pries 
the  equipment  out  of  his 
hands,  he  says. 

If  he  remains  satisfied  with 
the  performance,  Soper  plans 
to  put  the  HSTR  NICs  in  up  to 
12  servers,  and  he’ll  consider 
adding  100M  bit/ sec  to  the 
desktop  as  well. 

While  he  says  he’s  not  ex¬ 


actly  choked  for  bandwidth 
right  now,  he’s  moving  into  a 
building  with  multiple  floors, 
and  each  floor  will  have  its  own 
independent  ring. 

By  segmenting  the  network 
with  an  intelligent  hub,  he’s 
going  to  be  pushing  more 
bandwidth  to  his  backbone  on 
each  floor. 

While  he’s  still  using  IBM 
Token  Ring  equipment,  he  says 
Olicom’s  gaining  a  real  edge 
with  pricing  and  performance 
on  adapters.  For  example,  he 
says  Olicom  charges  him  $10 
to  $20  less  per  16M  bit/sec 
NIC  than  IBM. 

What  really  made  him  take  a 
second  look  at  Olicom  was  that 
the  Olicom  cards  support  a 
Linux  driver,  he  says.  Linux  is  a 
home-grown  Unix  operating 
system  that  has  gained  almost  a 
cult  status  in  the  past  year; 
BancorpSouth  uses  it  in  work¬ 
groups  attached  to  its  network. 

But  the  bottom  line  is  this: 
Will  token-ring  users  still 
migrate  to  Ethernet  in  any  sig¬ 
nificant  numbers?  Maybe  not 
anytime  soon.  As  Soper  puts  it, 
“We  are  so  large  and  so  seeded 
in  token  ring  —  I  can’t  imag¬ 
ine  that  it  would  be  prudent 
anytime  in  the  near  future.” 

Olicom’s  RapidFire  3530 
HSTR  100  PCI  adapter  will  list 
for  $350.  The  CrossFire  8650 
HSTR  Uplink  universal  expan¬ 
sion  module  over  copper  will 
list  for  $1,100,  and  the 
CrossFire  8651  HSTR  over 
multimode  fiber  will  list  for 
$1,350.  Each  module  is  outfit¬ 
ted  with  two  100M  bit/sec 
HSTR  ports. 

©  Olicom:  (972)  907-4600 
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IBM  High-Speed  Token  Ring  gear  not  far  behind 


IBM  estimates  it  owns  50%  of  the 

roughly  20  million  token-ring  nodes  in 
the  U.S.,  according  to  David  Olechov- 
sky,  a  product  line  manager  for  IBM 
Token  Ring  products.  And  the  company  is 
not  ceding  the  market  to  Olicom  or  any 
other  players  just  yet. 

Olechovsky  says  IBM  plans  to  ship  auto¬ 
sensing  High-Speed  Token  Ring  (HSTR) 
4/16/100M  bit/sec  adapters  for  clients  and 
servers  in  the  next  30  to  60  days.  A  100M  bit/ 
sec  universal  feature  card  for  the  8270  Nways 
LAN  Token  Ring  Switch  should  be  available 
by  year-end  or  early  in  1999. 

Sources  familiar  with  the  negotiations  say 
IBM  is  also  talking  with  Xylan  about  develop¬ 
ing  HSTR  switches,  but  Olechovsky  declined 
to  comment.  He  would  only  say  he  expects 


IBM  to  ship  HSTR  switches  later  this  year. 

IBM  resells  Xylan’s  OmniSwitch  as  the 
8274  LAN  Nways  RouteSwitch,  with  mod¬ 
ules  for  token  ring,  Ethernet,  Fast  Ether¬ 
net,  FDDI  and  ATM.  Xylan  expects  to  ship 
new  16-  and  32-port  16M  bit/ sec  token 
ring  modules  that  IBM  will  resell  by  Octo¬ 
ber.  IBM  currently  sells  a  six-port  module 
for  the  switch. 

An  International  Data  Corp.  survey  puts 
token-ring  sales,  which  includes  adapters, 
hubs  and  switches,  in  1997  at  $1.8  billion, 
which  is  impressive.  That  is,  until  you  com¬ 
pare  it  with  Ethernet  sales  for  the  same 
year  —  almost  seven  times  the  amount,  at 
$12.4  billion. 

—  Robin  Schreier  Hohman 


BancorpSouth’s  Soper  is  impressed  with  the  per¬ 
formance  of  HSTR  gear. 
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“As  far  as  I  know,  ISL  only 
talks  to  other  ISL  equipment, 
and  that  means  only  Cisco 
equipment,”  says  David  Ole- 
chovsky,  chairman  of  the 
HSTRA  and  a  product  line  man¬ 
ager  for  IBM  Token  Ring  prod¬ 
ucts.  “We  haven’t  tested  ISL,  but 
we  would  naturally  be  con¬ 
cerned  about  the  latency  intro¬ 
duced  by  encapsulating  token 
ring  in  Ethernet  frames,”  he  says. 

“I’ve  done  enough  work  with 
Cisco  to  know  they  have  zero 
plans  of  doing  either  Fast  token 
ring  or  gigabit  token  ring,”  says 
David  Passmore,  president  of 
NetReference,  a  Sterling,  Va., 
consultancy.  “This  is  consistent 
with  their  strategy  to  offer 
switched  token  ring  at  the  edge, 


but  the  trunking  between  those 
switches  would  all  be  Ethernet- 
based.” 

That  hits  home  with  users. 

“Our  plan  is  to  migrate  from 
token  ring  to  Ethernet;  we’ve 
already  launched  that  program,” 
says  Charles  Sokolski,  managing 
director  of  telecommunications 
for  The  Equitable  Life  insur¬ 
ance  company  in  New  York. 

“It  could  offer  some  en¬ 
hancements  in  my  installed 
base  of  token-ring  users.  If  I  can 
upgrade  my  ISL  backbones  to 
Gigabit  and  support  both  my 
new  Ethernet  desktops  as  well 
as  my  legacy  token  ring  and  get 
those  performance  advantages, 
it’s  really  ideal.  I  don’t  know 
that  it  prolongs  the  life  of  token 


ring,  but  it  helps  me  during  my 
migration  period,”  he  says. 
Cisco  is  currently  taking 


orders  for  the  Gigabit  Ethernet 
switch  modules  and  uplinks  with 
ISL/ token-ring  support.  IB 


Get  more  Information  online 
at  www.nwfuslon.com 
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CISCO’S  GIGABIT-TOKEN  RING  ROAD  MAP 

Here  is  the  route  taken  by  one  token-ring  packet  using  InterSwitch  Link  (ISL). 


Token-ring  traffic  flows  into  Cisco 
Catalyst  Switch. 
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Continued  from  page  1 
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Cisco 
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“I  believe  it  was  discovered 
while  we  were  doing 
research  into  a  com¬ 
pletely  different  issue,” 
says  Peter  Long,  direc¬ 
tor  of  IOS  marketing  at 
Cisco.  “We  didn’t  actu¬ 
ally  have  anybody 
report  any  particular 
exploitation  of  this  bug.  But  it 
helped  explain  some  of  the 
unexplained  crashes  reported 
sporadically.” 

Cisco  discovered  the  bug 
weeks  before  the  field  notice 
went  out  on  Aug.  12,  Long  says. 

The  error  affects  most  Cisco 
routers  with  model  numbers 
greater  than  or  equal  to  1000, 
including  the  high-end  7000 
and  12000  series,  which  are 
prevalent  in  large  enterprise 


and  ISP  nets.  The  bug  does  not 
affect  the  7XX  series  routers; 
Catalyst  LAN  switches;  WAN 
switching  products  in  the  IGX 
or  BPX  lines;  the  AXIS  shelf; 
early  models  of  the  Light- 
Stream  1010  or  LightStream 
2020  ATM  switches;  or  any 
host-based  software, 
Cisco  says. 

If  attackers  know  the 
details  of  the  Cisco  IOS 
software  error  they  will 
be  able  to  cause  the 
router  to  crash  and 
reload  without  having  to  log 
on  to  the  router,  according  to 
the  field  notice.  Such  exploita¬ 
tion  would  require  significant 
engineering  skill  and  a  thor¬ 
ough  knowledge  of  the  inter¬ 
nal  operation  of  Cisco  IOS 
software,  including  Cisco 
trade-secret  information,  the 
notice  states. 

And  it  is  not  necessary  to  log 
on  to  exploit  this  vulnerability; 
simply  establishing  a  terminal 


The  remote  router  crash  situation 


Problem: 

Unauthenticated  users 
can  crash  Cisco  routers 
without  logging  on. 

Who's  affected: 

Any  user  of  Cisco  routers, 
beginning  with  1000 
series  on  up  and  running 
IOS  9.1  and  later  versions. 


Impact: 

In  addition  to  crashing  a  router  without  logging  on,  attackers  can 
damage  internal  data  structures  to  further  impair  system  operation. 

Fix: 

Certain  images  in  the  ll.X  release  cycle  have  been  corrected;  the  first 
regular  fix  will  be  in  11.0(21),  due  next  month. 

Workaround: 

Configure  access  control  lists  for  IP  terminal  access;  deny  access  to 
non-IP  terminals. 


connection  is  enough  to  cause 
a  crash,  the  notice  says. 

Those  connections  include 
direct  console  or  asynchronous 
serial  connections,  including 
dial-up;  telnet;  Unix  “r”  com¬ 
mands;  LAT,  MOP,  X.29  and 
V.120  connections;  and  possi¬ 
bly  others.  Cisco  strongly  urges 
network  administrators  to 
assume  that  hostile  users  can 
find  ways  to  make  interactive 
connections  to  the  administra¬ 
tors’  Cisco  IOS  devices. 

IBM  Global  Services  has 
45,000  business  customers  that 
depend  on  IBM  for  WAN  con¬ 
nectivity.  Many  of  those  cus¬ 
tomers  are  affected  by  the 
Cisco  bug,  according  to  an 
IBM  Global  Services  spokes¬ 
man.  “We’re  still  assessing  how 
many  routers  will  need  to  be 
upgraded,  but  it’s  in  the  thou¬ 
sands,”  he  says. 

Cisco  sent  a  software  patch 
to  IBM  Global  Services  last 
week.  The  software  is  being 
tested  in  IBM’s  quality-assur¬ 
ance  test  lab,  so  IBM  is  certain 
the  software  patch  will  not 
cause  any  other  problems  for 
customers,  the  spokesman  says. 

It  also  connects  a  dial-up 
business  line  used  for  upgrades 
and  monitoring  purposes 
when  IBM  deploys  routers  for 
its  customers,  he  says.  IBM 
Global  Services  is  instructing 
customers  to  disconnect  the 
dial-up  connection  to  elimi¬ 
nate  the  risk  of  an  attack. 

When  IBM  is  ready  to  send 
the  software  patch,  the  com¬ 
pany  plans  to  notify  all  cus¬ 
tomers  via  telephone  so  they 
can  reconnect  their  dial-up 
connection,  the  spokesman 
says.  IBM  Global  Services  will 
not  start  sending  patches  out 
until  early  September,  he  says. 

Yet  AT&T  Solutions  would 


rather  risk  attack  than  fix  the 
bug  with  software  that  may  be 
unstable.  “The  new  code  that 
Cisco  is  offering  would  raise 
the  possibility  of  introducing 
other  difficulties  into  AT&T 
Solutions’  networks,”  an  AT&T 
spokesman  says. 

AT&T  Solutions  manages 
networks  for  big  business 
clients  such  as  Clorox,  Visa  and 
the  Automobile  Association  of 
America.  In  total,  AT&T 
Solutions  is  managing  more 
than  10,000  Cisco  routers  that 
could  be  affected  by  the  bug, 
the  spokesman  says.  “We 
haven’t  seen  anything  along 
the  lines  of  what  Cisco  has 
warned  about  in  our  own  gear 
or  in  anything  we  manage  for 
our  clients,”  the  AT&T 
spokesman  says. 

The  University  of  Southern 
California  (USC)  has  not  seen 
any  of  its  Cisco  routers  mysteri¬ 
ously  crash.  But  the  bug  is 
“pretty  serious,”  says  James 
Wiedel,  director  of  networking 
at  USC. 

“If  that  really  gets  out  it 
could  cause  a  lot  of  problems,” 
he  says.  “Our  command  ports 
to  the  router  ports  are  pass¬ 


word  protected  before  you 
even  get  to  them.  But  you 
could  telnet  to  them,  so  it 
sounds  like  we’re  vulnerable.” 

Though  the  error  is  present 
in  IOS  9.1  and  later,  certain 
images  in  the  ll.X  versions  of 
IOS  have  been  corrected.  The 
first  regular  1 1 .0  release  con¬ 
taining  the  fix  will  be  11.0(21), 
which  is  tentatively  scheduled 
for  mid-September,  Cisco  says. 

The  company  is  offering 
free  software  upgrades  to  all 
vulnerable  customers,  regard¬ 
less  of  contract  status.  But 
hardware  upgrades,  if  neces¬ 
sary,  will  be  negotiated  on  a 
case-by-case  basis,  Cisco’s 
Long  says. 

Users  can  also  work  around 
the  problem  by  preventing 
interactive  access  to  the  Cisco 
IOS  device,  the  company  says. 
Users  can  apply  access  lists  to 
all  IP  virtual  terminals  and 
restrict  access  to  non-IP  termi¬ 
nals  through  common  configu¬ 
ration  and  command  line 
routines.  ■ 
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oh  spin 


From  spam  to 
propagandaware 


had  expected  to  tackle  other 
topics,  but  I  find  I  need  to  once 
again  hit  the  subject  of  last 
week’s  column:  bulk  e-mail.  The  rea¬ 
son  for  revisiting  the  issue  is  that  I  just 
received  spam  that  creates  a  whole 
new  subcategory  of  junk  e-mail. 

Perhaps  I  should  start  by  defining 
my  terms.  Last  week,  I  glossed 
over  the  distinctions 
between  types  of  spam.  ^991119 

To  begin  with, 
there’s  bulk  e-mail  that 
is  sent  to  you  because 
you  signed  up  some¬ 
where.  This  constitutes 
solicited  bulk  e-mail, 
although  the 

line  between  _ 

solicited  and  unsolicited  is  easi¬ 
ly  crossed  by  too-frequent  postings 
and  content  that  isn’t  quite  what  the 
recipient  expected. 

The  big  boys  in  the  computer 
industry  conduct  this  kind  of  e-mail 
distribution,  and  we  don’t  mind.  We 
actually  want  to  know  what  Microsoft, 
Novell  and  others  are  doing. 

Someone  challenged  my  assertion 
last  week  that  Microsoft  distributes 
spam.  His  point  was  that  if  you  get 
something  from  Microsoft,  you  must 
have  signed  up  for  it.  Well,  sure,  but 
asking  for  one  thing  shouldn’t  result 
in  receiving  a  score  of  other  thinly 
related  items.  Moreover,  it  should  be 
easy  to  get  ^Microsoft  to  stop. 

Several  people  wrote  me  stating 
they  have  received  what  they  con¬ 
sider  spam  from  Microsoft.  A  com¬ 
plaint  raised  by  a  couple  of  readers 
was  that  if  they  reply  with  a  “remove” 
message,  nothing  happens.  Micro¬ 
soft  isn’t  the  only  company  with  this 
problem. 

I  would  suggest  that  any  company 
sending  out  bulk  e-mail  —  no  matter 
how  responsibly  it  might  handle  the 
rest  of  its  operation  —  becomes  a 
spammer  the  first  time  it  fails  to  act 
on  a  remove  request. 

The  opposite  of  solicited  e-mail  is, 
of  course,  unsolicited  e-mail.  Most 
spam  campaigns  use  a  buckshot 
approach:  load  up  the  e-mail  cannon 
and  blast  away.  But  some  spammers 


do  attempt  to  target  their  messages. 

Targeting  assumes  the  recipients 
can  be  identified  as  suitable  goals 
for  the  message’s  pitch.  In  the  real 
world,  targeting  is  a  science.  A  direct 
mail  company  might  take  several 
lists  of  five  or  10  million  names  each 
and  analyze  them  a  dozen  ways. 

A  direct  mail  company  will 
^  slice  and  dice  lists  until  it 
whittles  them  down  to, 
say,  250,000  names,  to 
HyH*  whom  it  expects  to 
have  a  reasonable 
chance  of  selling  a 
product  or  service. 

This  kind  of  care  is  nec¬ 
essary  when  each  item 
the  company  sends  out 
costs  at  least  50  cents  or  more. 

But  on  the  Internet,  targeted  spam 
is  rare  because  the  costs  are  minute. 

Now  in  all  the  above  cases,  the 
bulk  e-mailer  wants  to  sell  you  some¬ 
thing  —  get  rich  quick,  visit  my  site, 
buy  this  product  and  so  on.  But  this 
new  form  of  spam  I  received  isn’t 
trying  to  sell  you  anything.  The 
author  doesn’t  want  you  to  go  to  any 
Web  site,  respond  to  the  message  or 
do  anything.  That  is,  anything  other 
than  believe  him. 

This  message  starts  out  discussing 
the  good  old  Year  2000  problem  and 
predicting  gloom,  doom  and  a  gnash¬ 
ing  of  teeth.  It  then  goes  on  to  dis¬ 
cuss  religion  —  it  is  actually  a  dressed 
up  religious  tract.  The  author  says 
that  the  return  address  won’t  work 
and  that  no  more  messages  will  be 
sent.  This  is  the  digital  version  of 
anonymous  pamphleteering. 

I  predict  this  kind  of  agenda 
spreading  will  become  an  enormous 
source  of  spam  and  will  be  much 
harder  to  deal  with  than  commer¬ 
cially  oriented  spam.  I  haven’t  found 
a  good  name  for  this  stuff  yet,  but 
propagandaware,  e-prop  and  e-puff 
are  contenders. 

Let  me  know  if  you  get  any  of 
these  messages  and  your  suggestions 
for  a  name  for  them. 

Memos  to  nwcolumn@gibbs.com  or  (800) 
622-1108,  Ext.  7504. 
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The  latest  on  the  Sntemet/lntranet  Industry 


Chris  Nerney 


HOTSPOT,  WE’LL  NEVER  KNOW  YE  it’s  time  for  Sun  to  admit  the  obvious: 

The  long-promised  HotSpot  compiler  technology  intended  to  double 
the  speed  of  Java  applications  simply  doesn’t  exist. 

HotSpot  dearly  is  Sun’s  little  practical  joke  on  the  Java  community. 
How  else  can  the  by-now  ridiculous  delays  of  its  release  be  explained? 

Announced  in  April  1997  as  part  of  a  detailed  Java  roadmap,  HotSpot 
originally  was  scheduled  to  be  part  of  the  Java  Development  Kit  (JDK) 
1.2  slated  for  release  in  the  summer  of  that  year. 

Several  months  later,  Sun  announced  that  HotSpot’s  debut  would  be 
pushed  back  to  spring  1998.  Then  it  became  this  fall. 

Now  we  are  told  that  HotSpot  won’t  appear  before  February  1999. 

Of  course,  JDK  1.2,  which  is  much  more  significant  technology,  also 
has  been  delayed  several  times.  Last  week  Sun  announced  that  JDK  1.2’s 
scheduled  September  ship  date  has  been  pushed  back  to  November. 

However,  at  least  there  have  been  several  beta  versions  of  the  next 
JDK;  and  some  parts,  such  as  the  graphical  user  interface  component 
called  Swing,  have  already  been  released.  So  we  know  a  newJDK  actually 
is  in  the  works. 

HotSpot  is  a  different  story.  Supposedly,  alpha  users  have  been  testing 
the  technology,  but  try  getting  the  name  of  one  from  Sun  representatives. 
It’s  like  the  users  are  in  the  witness  protection  program. 

Claims  from  Sun  officials  that  they’re  delaying 
HotSpot  to  make  the  technology  as  good  as  possible 
ring  hollow.  What’s  more  likely  is  they  can’t  get  the 
darned  thing  to  work  at  all. 

Sun  owes  it  to  Java  developers  to  come  clean 
about  HotSpot.  If  it  doesn’t,  Sun  will  be  guilty  of 
something  that  it  and  others  accuse  Microsoft  of 
doing  —  trying  to  freeze  the  market  with  false 
promises  while  Sun  scrambles  to  get  its  act  together. 

A  prediction:  We’ll  see  Elvis  attendingJavaOne 
before  we  ever  see  the  mysterious  HotSpot. 

IN  INTERNET  SECURITY  STOCKS  WE  TRUST  That  blur  you  saw  last  Tuesday 

was  the  initial  public  offering  (IPO)  of  Internet  security  software  start¬ 
up  Entrust  Technologies,  Ltd.,  which  blasted  off  the  launch  pad  to  surge 
almost  60%  above  the  asking  price  of  $16  a  share  before  closing  at  $20. 

The  IPO  raised  $124  million  for  the  company,  which  spun  off  from 
Nortel  in  January  1997. 

Driving  demand  for  the  stock  is  fear,  always  a  great  motivator.  Entrust, 
based  in  Richardson,  Texas,  sells  digital  certificate  technology  designed 
to  protect  online  transactions  from  unscrupulous  hackers. 

And  you  know  what  they  do  to  hackers  down  in  Texas.  That’s  right: 
string  ’em  up,  and  force  them  to  listen  to  country  music  and  eat  red- 
hot  barbecue  sauce.  Not  particularly  high-tech,  but  effective  nonetheless. 

The  ’Net  security  market  is  expected  to  be  huge,  and  Entrust  already 
is  a  major  vendor  of  digital  certificate  technology.  Many  Wall  Street 
types  predict  Entrust  will  be  a  solid,  if  unspectacular,  stock  performer 
over  the  long  term. 

IS  THERE  NO  ESCAPE?  One  of  our  favorite  stock  information  and  discussion 
sites  on  the  Internet  is  Silicon  Investor  (www.techstocks.com). 

The  site  is  full  of  detailed  information  about  public  companies  and 
is  a  favorite  watering  hole  of  chatty  stock  investors,  speculators,  shills 
and  manipulators,  some  of  who  are  the  same  people. 

Unfortunately,  the  site  seems  to  have  gotten  off  topic  these  days. 
While  visiting  Silicon  Investor’s  home  page  last  week,  I  was  greeted  with 
the  following  headline  under  the  “Hot  Topics”  section:  “Clinton’s 
Scandals  —  Is  this  corruption  the  worst  ever?” 

There  goes  the  neighborhood. 

’Net  Buzz,  is  offering  a  reward  to  anyone  who  can  prove  the  existence  of  HotSpot. 
Send  us  your  evidence,  along  with  any  interesting  Internet-  and  intranet-related 
news.  Contact  Chris  Nemey  at  (508)  820-7451  or  cnemey@nww.com. 
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Tullett  &  Tokyo  Forex,  with  23  offices  worldwide,  is  one  of  the  largest  foreign  exchange  brokers  in  the  world.  In 
a  business  where  seconds  mean  the  difference  between  profit  and  loss,  they  need  a  network  that  is  dependable, 
robust  and  fast.  “With  the  Xylan  equipment  we  can  price  things  faster,”  says  Len  Monteleone,  director  of 
information  technology  at  Tullett  &  Tokyo  Forex.  “Our  clients  come  to  us  because  they  know  we  have  a  system 


For  a  full  case  study: 
www.xylan.com/nw 
888  404  6280 


that’s  superior  to  that  of  our  competitors.  We  have  an  intuitive,  very  fast  system  that  enables  us  to  look  at  a  lot 
more  deals  per  day.  Xylan  makes  a  great  product.  I  don’t  think  you  can  get  any  better  than  this.” 

Switching:  LAN,  Layer-Three,  ATM,  Gigabit. 

Interfaces:  Ethernet,  Fast  Ethernet,  Gigabit  Ethernet,  ATM,  Token  Ring,  FDDI,  Frame  Relay,  Voice,  ISDN. 

Services:  Firewalls,  Authentication,  Multicast,  Broadcast  Management,  Protocol  Translation,  Mobility,  QoS, 

Prioritization,  Compression,  Policy-Based  Management. 


xylan 

Switched  Network  Services 


©  1998  Xylan  Cotporalion.  Inc.  Xylan  and  OmniSwilch  are  registered  trademarks  of  Xylan  Cotporalion,  Inc.  All  registered  trademarks  are  property  of  their  respectiw  owners.  All  specifications  are  subject  to  change 
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The  new  SmartSTACK  1 0/1 00  Workgroup  Switch  Family 

Starting  at  just  $125  per  port! 

“ Given  its  port  density  and  fea  ture  richness,  this  is  one  of  the  best 
switches  we  have  seen  for  power  workgroups ” 

—  Ed  Mier,  Mier  Communications 


Think  of  it:  high-speed  workgroup  switching 
to  support  your,  most  important  applica¬ 
tions,  and  a  super  low  price.  Compare 
the  SmartSTACK  family  with  other 
10/100  switches  and  you  simply  won’t  find 
a  better  deal.  Just  look  at  all  the  features... 

•  4.2  Gbps  wire-speed  switching  performance 

•  Half  and  full  duplex  switching  on  all  24  ports 

•  802.1Q  VLANs  and  802.1p  traffic  prioritization  support 

•  Modular  100Base-FX  uplinks 

•  Integrated  Web  management 

•  RMON  (4  groups) 

•  And  much  more! 


As  you’d  expect,  the  new  SmartSTACK 
family  is  an  extension  of  Cabletron’s  Smart 
Networking  strategy,  ensuring  you  longer 
product  lifecycles  and  a  better  overall 
return  on  investment.  That’s  peace  of 
mind;  that’s  what  a  Smart  Network  is  all  about. 

So  what  are  you  waiting  for?  Starting  at  just  $125  per  port  or  $2,995 
per  switch,  the  SmartSTACK  ELS  1 00-2 4TX/TXM  will  be  going  fast. 
Almost  as  fast  as  your  network. 

Call  toll  free  1-877-569-7933  or  contact  your  Cabletron  Authorized 
Reseller  today.  For  more  information,  visit  our  Web  site  at 
www.cabletron.com. 


That’s  Smart. 

That’s  Smart  Networking. 
That’s  Cabletron. 


caBLeTRon 

_ SYSTems 
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NetworkWorld  Q 


VPK98 


TECHNICAL  SEMINARS 


Building  and  Managing 
the  Extended  Enterprise 


SHOWCASE 


Discover  how  you  can  extend  your  network  and  achieve  significant 
cost-savings  using  3Com's  VPN  solutions.  3Com’s  comprehensive  VPN 
application  solutions  offer  scalable  connectivity  with  standards-based  VPN 
tunneling  technology  and  encryption,  user-based  policies  and  powerful 
web-based  management,  making  it  affordable  and  manageable  to  deliver 
secure  access  to  mobile  users,  telecommuters  and  between  sites. 


www.3com.com 


At  this  seminar  you  can  talk  with  leading  experts  from  ADI  about  VPN 
implementation,  and  learn  and  understand  the  innovation  of  ADI’s  product 
line.  ADI’s  product  suite  is  perfectly  positioned  to  deliver  on  the  promise  of 
VPNs  by  providing  an  automated,  scalable,  cost-effective  solution  for 
VPNs.  The  automated  operation,  extensive  security  features  and  dynamic 
switching  capabilities  make  ADI’s  product  line  the  premier  choice  for 
remote  dial-up  access,  site-to-site  connectivity,  extranets  and  partnernets, 
and  communities  of  interest  for  secure  campus  connectivity.  Many  experts 
have  recognized  the  benefits  of  this  new  generation  of  VPN  devices. 


1ADI 


ASSURED  DIGITAL,  INC. 


www.  assured-digital,  com 


Concentric  Network  is  the  leader  in  providing  value-added,  high-performance, 
secure,  cost-effective  and  reliable  IP-based  network  services.  Concentric  Virtual 
Private  Network  (VPN)  solutions  integrate  high-speed  connectivity,  unsurpassed 
security,  and  the  most  comprehensive  service-level  guarantees  in  the  industry. 

In  conjunction  with  Concentric's  24x7  VPN  management,  Concentric  VPNs  offer 
companies  of  all  sizes  the  ideal  business-critical  infrastructure  for  turnkey  intranets 
and  extranets,  including  nationwide  and  international  coverage,  guaranteed 
performance,  and  robust,  managed  security. 


concentric 

network 


www.  concentric,  com 


RedCreek  Communications’  products  ensure  privacy  of  information  trans¬ 
mitted  over  private  and  public  networks  via  DES  encrypted,  Secure  Virtual 
Private  Networks  (VPN).  RedCreek’s  Ravlin®  family  of  IETF  IPSec 
compliant  products  offers  wireline  performance  and  assures  unparalleled 
ease-of-use,  network  scalability  and  transparent  authentication.  The  Ravlin 
product  family  consists  of  the  Ravlin  4  (4Mbit  throughput),  Ravlin  10 
(10  Mbit  throughput)  and  the  RavlinSoft  client  for  remote  users.  Network 
management  is  provided  through  the  RavlinManager,  a  Windows®  95/ 
Windows  NT®  4.0  product  that  supports  industry-standard  SNMP  for 
device  management.  _ . 


RedCreek* 

www.  red  creek,  com 


ADC  Kentrox,  the  Network  Access  Company,™  is  the  world’s  leading  provider  of 
high-speed  wide-area  network  (WAN)  access  equipment  for  global  networks. 

The  company's  policy-based  access  products  enable  service  providers  to  offer 
customers  higher  valued  services,  as  well  as  offer  users  a  means  to  better  manage 
their  WAN  resources.  In  addition,  the  SecureVision™  family  of  products,  coupled 
with  the  DataSMART®  DSU/CSUs,  allows  corporations  to  use  the  Internet  and  other 
IP  networks  to  securely  extend  corporate  intranets,  establish  secure  extranets,  and 
provide  remote  users  and  telecommuters  with  secure  access  to  selected  corporate 
resources.  With  these  products,  enterprise  users  can  ensure  the  privacy,  integrity, 
and  authenticity  of  their  corporate  data,  without  compromising  WAN  efficiency 
or  throughput. 


iE  Kentrox 


The  Network  Access  Company™ 


www.kentrox.com 


Bay  Networks 

Where  Information  Flows' 

www.  baynetworks.  com 


The  Indus  River  Networks  VPN  solution  features  simplicity,  manageability 
and  scalability.  The  RiverWorks  Enterprise  VPN  simplifies  the  process  of 
remote  access  by  automating  Internet  access  and  fault  resolution. 
RiverWorks  provides  end-to-end  management  of  the  VPN  infrastructure 
with  automated  diagnostic  and  recovery  tools,  remote  user  policy  adminis¬ 
tration,  synchronized  client  updates  and  Internet  performance  and  availabil¬ 
ity  tracking.  And,  RiverWorks  is  designed  for  scalability  with  its  distributed 
system  architecture  and  tunnel  acceleration  protocols. 


www.  indusriver.  com 


Shiva  Corporation  is  a  leading  global  provider  of  remote  access  for  busi¬ 
ness.  Shiva  connects  employees,  customers  and  partners  securely  and 
reliably  to  business  networks  with  integrated  telephone  network  and 
Internet-based  solutions.  Its  products,  known  for  their  ease  of  use  and 
high  performance,  are  inexpensive  to  operate,  easy  to  use,  and  have  a 
robust  feature  set  for  small  to  midsize  corporations.  Shiva  has  an  impres 
sive  history  of  industry  “firsts”  and  an  exceptional  number  of  awards  for 
product  excellence.  For  more  information  visit  us  @  www.shiva.com  or 
tel:  (800)-977-4482,  (508)-788-3061,  Fax:  (508)-788-1 539. 


Shiva. 


www.shiva.com 


Xyplex  Networks,  a  division  of  MRV  Communications,  continues  its  17- 
year  history  of  providing  leadership  network  solutions.  Xyplex  Networks 
access  products  include  the  EdgeGuardian  integrated  VPN  WAN  router, 
branch  office  routers,  access  servers  and  chassis-based  solutions. 

Our  Switched  LAN  infrastructure  capabilities  range  from  low-cost,  high- 
density  Ethernet  and  10/100  switches  to  multiport  Gigabit  Ethernet 
solutions.  Our  product  set  is  further  enhanced  through  our  award 
winning  24/7  support  services. 


Xy  p  I  e  x 

»  ■networks 

www.xyplex.com 


Ascend  Communications,  Inc.  develops,  manufactures  and  sells  wide  area  network¬ 
ing  solutions  for  enterprise  customers,  telecommunications  carriers  and  Internet 
service  providers  worldwide.  Today,  Ascend's  MultiVPN  solutions  are  fast  becoming 
the  premiere  choice  for  organizations  everywhere.  Ascend,  with  its  award-winning 
Enterprise  access  solutions,  coupled  with  its  unsurpassed  installed  base  and  expe¬ 
rience  with  the  Service  Provider  infrastructure,  is  the  first  vendor  to  adopt  a 
“provider/subscriber"  approach  to  VPNs.  This  approach  closely  links  Enterprises 
and  Service  Providers  and  delivers  a  solution  that  offers  a  choice  of  VPN  imple¬ 
mentation.  MultiVPN  from  Ascend.  It’s  a  whole  new  way  of  networking. 


ASCEND 

WHERE  NETWORKING  SOLUTIONS  NEVER  END 

www.ascend.com 


Bay  Networks,  Inc.  (NYSE:  BAY)  is  a  leader  in  the  worldwide  networking 
market,  providing  a  complete  line  of  products  that  serve  corporate  enter¬ 
prises,  service  providers  and  telecommunications  carriers.  The  company 
offers  frame  and  ATM  switches,  routers,  shared  media,  remote  and  Internet 
Access  solutions,  IP  services  and  network  management  applications,  all 
integrated  by  Bay  Networks’  Adaptive  Networking  strategy.  With  head¬ 
quarters  in  Santa  Clara,  California,  Bay  Networks  markets  its  products 
and  services  around  the  world,  providing  7x24-support  coverage. 


Compatible  Systems’  IntraPort™  family  of  VPN  Access  Servers  delivers 
comprehensive  networking  and  security  features  for  central  office,  branch 
office  and  roving  users/telecommuters.  All  IntraPort  servers  are  fully  com¬ 
patible  with  existing  firewalls,  routers  and  service.  Multiprotocol  support 
over  IPSec  and  a  broad  range  of  client  software  let  users  continue  to  work 
on  the  computing  platform  of  their  choice.  With  the  IntraPort  family, 
Compatible  Systems  has  delivered  second-generation,  field-tested  VPN 
technology  to  every  branch  of  the  corporate  enterprise. 


\  +  J  I  Compatible  Systems 


_  the  VIRTUAL  leader 


www.  compatible,  com 


Intelispan  provides  your  company  with  secure  business  communications 
solutions,  such  as  secure  remote  VPN  access,  business-to-business 
extranets  and  supply-chain  management  solutions  over  a  worldwide 
private  IP  network.  Our  integrated  solution  for  EDI  and  non-EDI  data 
exchange  provides  management,  monitoring  and  transport  of  electronic 
documents  regardless  of  platforms.  Intelispan  provides  everything  you 
need  to  create  collaborative  communities  with  your  trading  partners 
instantly  with  no  capital  investment  or  up-front  costs  to  your  partners. 


INTELISPAN 

SECURE  IP  NETWORK 

www.  intelispan.  com 


WorldCom  Advanced  Networks  Incorporated  is  a  leading  provider  of  integrated 
global  solutions  across  thousands  of  cities  in  114  countries.  WorldCom  Advanced 
Networks  provides  safe  and  reliable  Internet,  Intranet  and  Virtual  Private 
Networking  solutions  to  large  corporations  with  mission-critical  applications. 
Offering  dedicated  and  dial  Internet  access,  IP  tunneling,  Web  hosting, 
E-commerce  and  managed  security  services,  WorldCom  Advanced  Networks 
delivers  fully  integrated,  end-to-end  solutions  to  over  1,500  companies  worldwide 
For  more  information  on  WorldCom  Advanced  Networks,  call  800-443-0389. 
Outside  the  USA,  call  1-614-723-5000. 


W^RLD 

COM. 

ADVANCED 

NETWORKS 

www. worldcom.net 


If  you  are  interested  in 
sponsorship  opportunities 
please  contact 
Andrea  D’Amato  at 
(508)  820-7520  or 


Oh;  Ti  t.  ’ 


adamato@nww.com 


The  new  SmartSTACK  1 0/1 00  Workgroup  Switch  Family 

Starting  at  just  $125  per  port! 

“ Given  its  port  density  and  feature  richness,  this  is  one  of  the  best 
switches  we  have  seen  for  power  workgroups  ” 

—  Ed  Mier,  Mier  Communications 


Think  of  it:  high-speed  workgroup  switching 
to  support  your  most  important  applica¬ 
tions,  and  a  super  low  price.  Compare 
the  SmartSTACK  family  with  other 
10/100  switches  and  you  simply  won’t  find 
a  better  deal.  Just  look  at  all  the  features... 

•  4.2  Gbps  wire-speed  switching  performance 

•  Half  and  full  duplex  switching  on  all  24  ports 

•  802. IQ  VLANs  and  802.1p  traffic  prioritization  support 

•  Modular  100Base-FX  uplinks 

•  Integrated  Web  management 

•  RMON  (4  groups) 

•  And  much  more! 


As  you’d  expect,  the  new  SmartSTACK 
family  is  an  extension  of  Cabletron’s  Smart 
Networking  strategy,  ensuring  you  longer 
product  lifecycles  and  a  better  overall 
return  on  investment.  That’s  peace  of 
mind;  that’s  what  a  Smart  Network  is  all  about. 

So  what  are  you  waiting  for?  Starting  at  just  $125  per  port  or  $2,995 
per  switch,  the  SmartSTACK  ELS  1 00-24TX/TXM  will  be  going  fast. 
Almost  as  fast  as  your  network. 

Call  toll  free  1-877-569-7933  or  contact  your  Cabletron  Authorized 
Reseller  today.  For  more  information,  visit  our  Web  site  at 
www.cabletron.com. 


That’s  Smart. 

That’s  Smart  Networking. 
That’s  Cabletron. 


caBLeTRon 

_ SYsrems 


